smurf, the MCI-developed tracing tools (was Re: Bogus announcement)
brad at b63695.student.cwru.edu
Mon Dec 29 00:40:18 UTC 1997
> ICMP floods vs TCP floods. Aren't they both IP or have I missed something
> glaringly obvious.
Yes, both are independent of the network layer protocol which
operates beneath them (which in this case is IP)
The difference is that you can filter icmp seperately from tcp
to give you some sort of granularity with your acl policy. This
is important in that if you deny icmp traffic to a specific segment
of your network (or in from your serial interface for the
whole thing) you are still vulnerable to the publicized attacks
which exploit vulnerabilities inherent in TCP.
The whole point for this discussion was that you should be
a responsible network administrator and understand the trouble
you could cause the people you are connected to. Once you understand
that, you can take use the facilities that your vendor provides
to limit the damage so to speak.
ber at cwru.edu
More information about the NANOG