Ping flooding (fwd)


IMHO, there are two seperate issues here.

- better tools would be nice. Although I think tracking packets
   would be too CPU intensive for today's routers I do think having
   such a feature would be a good thing. The RAM/ROM to hold the extra
   microcode is cheap, and if it can be turned off/on at will I see no
   harm in having it. When someone will have time to add the code is
   a seperate issue.

- why can't my [NSP | TelCo | GME (Godlike Monolithic Entity)] provide
   me with data on who is spamming my net. I think that is a seperate
   issue. The TELCOs have an advantage here in that it is MUCH harder
   to fake caller ID than to fake ICMP headers. I would be willing to bet
   that if someone who really knew their way around the SS7 network decided to
   make your life difficult Ma Bell would have a hell of a hard time
   tracking them down. Most of the TELCO switchmen I have dealt with
   could not trace a phone call with any reliability. At this point
   it requires a fair amounf of time, from a fair amount of talented
   people to track this stuff down. In all the cases I dealt with,
   people from many service providers were very cooperative if the
   denial of service attack was in progress. After the fact people
   seemed to expend effort to the extent they felt they could help.
   Which for most people is 0 (after the fact it is pretty hard to
   say who denied what to whom with any certainy)

This is the way it is, but not the way it must always be.

Feel free to talk to the router vendor of choice and explain to
them that this functionality is important to you. In the mean
time, I hope you will excuse me while I go off and cope with my
own problems. I honestly wish you the best of luck in your endeavors,


Larry Plato