North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: New Internet-draft on DDOS defense...
- From: Owen DeLong
- Date: Fri May 12 11:12:16 2000
> >On Thu, 11 May 2000, Owen DeLong wrote:
> >> Right answer, wrong reason. The originating host will be easy to identify
> >> because the MAC address of the originating machine of the ECHO-REQUEST
> >> packets will be contained in the packets.
> >I have to strongly disagree, MAC addresses don't make it across router
> >boundaries, source IP addresses do.
> Besides, MAC addresses are quite often changeable.
Source IP's are even easier to modify than source MAC addresses. However,
at least on a switched LAN, most switches provide some way to show the
MAC forwarding table. As such, you can at least isolate which port
the packets are originating from.