ICMP Attacks???????

David Ross ross at rce.com
Sun Aug 17 05:06:13 UTC 1997

"Alex.Bligh" writes:
 > danny at genuity.net said:
 > > Aug 15 20:04:45.087 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp
 > > (Fddi6/0 0060.7017.a188) -> (0/0), 1 packet
 > I'm pretty sure this is a new feature. Wow. Useful. That's exactly
 > what I wanted. Given you are doing this I take it it's in 11.1.11CA1.
 > > Hope I haven't overlooked something obvious here .. but I'm sure that
 > > if a did someone will "enlighten" me ;-)  Of course, the one obvious
 > > thing I didn't mention is that if everyone were to deploy ingress
 > > filtering, this would be much, much easier to control.
 > The other nice solution would be an inverse traceroute that went
 > back to each router in turn, passing it a bit of BPF saying "where
 > are you getting packets like this from please?". If such a protocol
 > existed, this would allow trace back to source (or at least trace
 > back to the point where the protocol wasn't supported) which would
 > automate most of the tracking and reduce the need to persuade
 > NOCs to cooperate. There are obviously security concerns in allowing
 > 3rd parties to remotely apply packet tracking in your network, but
 > I'm sure with a cold flannel applied to forehead these could be
 > worked through. RFC time anyone?
 > Alex Bligh
 > Xara Networks

More information about the NANOG mailing list