North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Ping flooding
- From: Perry E. Metzger
- Date: Wed Jul 10 09:06:31 1996
I'm sorry, but this isn't true. The fact that routers aren't optimized
for monitoring isn't an issue.
Tracking down a ping forger, if they are flooding, is pretty easy. You
just use network monitoring equipment on each leg of the network to
trace the stuff back, leg by leg. Remote monitoring equipment isn't at
every ISP on every network connection yet, but eventually will have to
be for a variety of reasons, and there is always stuff like
RMON. Currently, tracing back all 10 or 20 hops is going to be a pain
because its a manual process, but that needn't remain the case.
Rob Gutierrez writes:
> From: Michael Dillon <email@example.com>
> > On Tue, 9 Jul 1996, Daniel W. McRobb wrote:
> > > There will likely never be a means for a single NSP to track down the
> > > real source of spoofed packets using IPv4. Service providers won't be
> > > letting other service providers track spoofed packets through their
> > > network.
> > Why not? Don't telcos do this?
> Yes, telcos do this, but they (used) to have the same problem we all
> have in the ISP world, in that your average DMS-100 voice switch is
> optimized for call processing, not for call-detail searches.
> Your average call-detail search used to take 1-2 hours for a 5 minute
> window. (I say "used to" as now the SS7 STP processors now do the
> call-detail recording, and call lookups are a matter of keystrokes and
> seconds away.)
> Router mfgrs are still in the stages of switching packets as fast as
> they can, not detail management. And of course, nooone of us want to
> drop our routers down to process switching to track packets.
> > Or if your answer is that telcos only do it for the police and not for
> > each other, then my question would be why can't we form an Internet
> > equivalent, maybe affiliated with something like CERT, that can make these
> > requests and with whom NSP's would cooperate.
> Telco call-detail lookups for law enforcement constitute <-.01% of those
> lookups (I did work at MCI's Western Region Net Mgt canter). All the
> other lookups are for maint purposes (like finding marginal trunks,
> tracking call patterns, making sure routing databases are working right,
> It's obviously going to be different in our case.
- - - - - - - - - - - - - - - - -