North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: ICMP Attacks???????
- From: David Ross
- Date: Sun Aug 17 01:39:55 1997
> email@example.com said:
> > Aug 15 20:04:45.087 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp
> > 220.127.116.11 (Fddi6/0 0060.7017.a188) -> 18.104.22.168 (0/0), 1 packet
> I'm pretty sure this is a new feature. Wow. Useful. That's exactly
> what I wanted. Given you are doing this I take it it's in 11.1.11CA1.
> > Hope I haven't overlooked something obvious here .. but I'm sure that
> > if a did someone will "enlighten" me ;-) Of course, the one obvious
> > thing I didn't mention is that if everyone were to deploy ingress
> > filtering, this would be much, much easier to control.
> The other nice solution would be an inverse traceroute that went
> back to each router in turn, passing it a bit of BPF saying "where
> are you getting packets like this from please?". If such a protocol
> existed, this would allow trace back to source (or at least trace
> back to the point where the protocol wasn't supported) which would
> automate most of the tracking and reduce the need to persuade
> NOCs to cooperate. There are obviously security concerns in allowing
> 3rd parties to remotely apply packet tracking in your network, but
> I'm sure with a cold flannel applied to forehead these could be
> worked through. RFC time anyone?
> Alex Bligh
> Xara Networks