ICMP Attacks???????

danny@genuity.net said:

Aug 15 20:04:45.087 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp (Fddi6/0 0060.7017.a188) -> (0/0), 1 packet

I'm pretty sure this is a new feature. Wow. Useful. That's exactly
what I wanted. Given you are doing this I take it it's in 11.1.11CA1.

Hope I haven't overlooked something obvious here .. but I'm sure that
if a did someone will "enlighten" me :wink: Of course, the one obvious
thing I didn't mention is that if everyone were to deploy ingress
filtering, this would be much, much easier to control.

The other nice solution would be an inverse traceroute that went
back to each router in turn, passing it a bit of BPF saying "where
are you getting packets like this from please?". If such a protocol
existed, this would allow trace back to source (or at least trace
back to the point where the protocol wasn't supported) which would
automate most of the tracking and reduce the need to persuade
NOCs to cooperate. There are obviously security concerns in allowing
3rd parties to remotely apply packet tracking in your network, but
I'm sure with a cold flannel applied to forehead these could be
worked through. RFC time anyone?

Alex Bligh
Xara Networks

I think UUNet has a tool similar to this that they use internally.