ICMP Attacks???????
Josh Beck
jbeck at connectnet.com
Fri Aug 15 19:09:32 UTC 1997
> ICMP is only one of a dozen ways to attack people. There is no point
> in specially targetting ICMP.
Of course... so you have the capability to turn on logging for certain
protocols or interfaces or whatever for a short time. If someone is seeing
random source addresses ICMP packets for instance, a 20 second sample of a
busy interface can provide enough information to trace this (with hardware
addresses). And this is something that can be done right away.
> In my opinion, the only long term solution here is software that is
> "smart" about tracebacks -- that is, can be directed in real time to
> log certain classes of traffic.
It would be nice, but for now logging the hardware addresses along
with the ip addresses would be cool.
Josh Beck jbeck at connectnet.com
----------------------------------------------------------------------
CONNECTNet INS, Inc. Phone: (619)450-0254 Fax: (619)450-3216
6370 Lusk Blvd., Suite F-208 San Diego, CA 92121
----------------------------------------------------------------------
More information about the NANOG
mailing list