[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    Re: ICMP Attacks???????
From:       David Ross <ross () rce ! com>
Date:       1997-08-17 5:06:13
[Download RAW message or body]


"Alex.Bligh" writes:
 > danny@genuity.net said:
 > 
 > > Aug 15 20:04:45.087 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp
 > > 1.1.1.1 (Fddi6/0 0060.7017.a188) -> 192.41.177.255 (0/0), 1 packet
 > 
 > I'm pretty sure this is a new feature. Wow. Useful. That's exactly
 > what I wanted. Given you are doing this I take it it's in 11.1.11CA1.
 > 
 > > Hope I haven't overlooked something obvious here .. but I'm sure that
 > > if a did someone will "enlighten" me ;-)  Of course, the one obvious
 > > thing I didn't mention is that if everyone were to deploy ingress
 > > filtering, this would be much, much easier to control.
 > 
 > The other nice solution would be an inverse traceroute that went
 > back to each router in turn, passing it a bit of BPF saying "where
 > are you getting packets like this from please?". If such a protocol
 > existed, this would allow trace back to source (or at least trace
 > back to the point where the protocol wasn't supported) which would
 > automate most of the tracking and reduce the need to persuade
 > NOCs to cooperate. There are obviously security concerns in allowing
 > 3rd parties to remotely apply packet tracking in your network, but
 > I'm sure with a cold flannel applied to forehead these could be
 > worked through. RFC time anyone?
 > 
 > Alex Bligh
 > Xara Networks
 > 
 > 

[prev in list] [next in list] [prev in thread] [next in thread]