Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Ping flooding (fwd)

  • From: Michael Dillon
  • Date: Mon Jul 08 19:29:21 1996

Are there any procedures in place to track down this kind of network
abuse. In particular, is it possible that it is a stealth attack?
Before you answer, take note that this is going to appear in Bob
Metcalfe's column next week.

---------- Forwarded message ----------
Date: Mon, 8 Jul 1996 15:30:43 -0600 (MDT)
From: Kevin Rosenberg <kevin@cyberport.com>
Reply-To: inet-access@earth.com
To: inet-access@earth.com
Subject: Re: Ping flooding
Resent-Date: Mon, 8 Jul 1996 15:30:53 -0600 (MDT)
Resent-From: inet-access@earth.com

> Some months later we had an incident of massive amounts of forged email
> from a site called SUNSETDIRECT.COM.  For several weeks they sent forged

We are currently undergoing a ping flood attack, though our upstream
provider has filtered icmp from the host so the flood is no longer
affecting our T1 line.

The system administrator of the site that appears to be flooding us
doesn't believe his site is the source of the attack. He states that he
can't see the icmp packets, though I don't know how he is sniffing his
wire. 

My questions are these: 

Is it possible for someone to forged the source IP address of an icmp
packet?

If so, do they have to be in some routing proximity, or can they forge the
source address while they are connected from anywhere in the world?

Thanks!

--------------------------------------------------------------------
Kevin Rosenberg             | CyberPort Station
Chief System Administrator  | The Finest Internet Service Possible!
kevin@cyberport.com         | http://www.cyberport.com
          Finger kevin@cyberport.com for PGP Public Key
--------------------------------------------------------------------


============================== ISP Mailing List ==============================
Email ``unsubscribe'' to inet-access-request@earth.com to be removed.
Do not post flames to the list -- if you must flame, use private email.

- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.