Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

So.. you want to track some DoS traffic?

  • From: Christopher L. Morrow
  • Date: Sun Jul 01 17:37:58 2001

First off, everyone already should know that these views are mine, not

Ok, with the recent craziness on NANOG about DoS Attacks, spoofed packets,
tracking attacks and other DoS related junk I figured I'd post out a
quicky tracking method that does NOT require hop-by-hop tracking.  This
method works will pretty much all spoofed attacks (synfloods/smurfs for

A brief overview of the method would be: "Track the attack from the after
effect of the attack, not the attack itself"

A link to the details, which includes cut/paste router config bits for
Cisco and Juniper routers. I'd include other router vendor cut/paste but I
only had time to figure out the two included... if someone wants to post
proper other configs (verified hopefully) I'll add them in also.


Credit: Credit should go to those listed in the link, UUNET's TAC-Eng
group, UUNET's Net-Sec group, UUNET's Customer Router Security Group, and a few others I have forgotten.

The goal of posting this info out to NANOG is to get other backbone's to
implement this so attacks can be traced in less time and with less effort
by all parties. I can succesfully track an attack across my backbone in
under 2 minutes with this method where the hop-by-hop has taken me over 8
hours in extreme circumstances (as Paul Vixie can attest since he waited
on the call while I did it).

Suggestions for improvement or deletions to these procedures would be
welcome as well. 



Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.