Date:      Thu, 21 Nov 1996 23:13:18 -0800 (PST)
From:      Michael Dillon <michael@memra.com>
To:        isp@freebsd.org
Subject:   Re: ICMP Ping Flood tracing
Message-ID:  <Pine.BSI.3.93.961121230943.10724D-100000@sidhe.memra.com>
In-Reply-To: <Pine.PTX.3.95.961121202217.6675D-100000@soda.CSUA.Berkeley.EDU>

On Thu, 21 Nov 1996, Veggy Vinny wrote:

> 	Is there any way to trace ICMP Ping Floods to see where the source
> machine is that is flooding your machine?  Thanks.

If they all have the same source address, that is likely to be their origin,
so contact the admins of the site containing that address.

Otherwise you may have to track it back one hop at a time with the help of
your service provider. They *WILL* do this for ping flood attacks and
for SYN flood attacks but you may have to hammer them over the head to get
to talk to the right people.

In other words, if you get a tech support droid that says "Huh?" tell them
it is an emergency and that your site is under attack and that you need to
talk to their security department NOW! Time is usually of the essence in
tracking these attacks back to source when they are using forged source
addresses.

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael@memra.com
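
The first triage step described above (do the echo requests all carry the same source address, or not?) can be done on a capture before calling anyone. The following is an added example, not part of the original e-mail: it tallies sources from `tcpdump -n` text output. The function name, the 0.9 cut-off and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# One line of `tcpdump -n` text output for an IPv4 ICMP echo request.
ECHO_RE = re.compile(
    r"\bIP (\d{1,3}(?:\.\d{1,3}){3}) > (\d{1,3}(?:\.\d{1,3}){3}): ICMP echo request\b"
)

def triage_ping_flood(lines, victim, dominant_share=0.9):
    """Tally echo-request sources aimed at `victim` and classify the flood.

    dominant_share is an assumed cut-off, not a value from the original e-mail.
    """
    sources = Counter()
    for line in lines:
        m = ECHO_RE.search(line)
        if m and m.group(2) == victim:  # ignore replies and unrelated traffic
            sources[m.group(1)] += 1
    total = sum(sources.values())
    if total == 0:
        return {"total": 0, "distinct": 0, "top": None, "share": 0.0,
                "verdict": "no-echo-requests"}
    top, count = sources.most_common(1)[0]
    share = count / total
    # same address throughout -> contact that site's admins;
    # otherwise -> hop-by-hop trace with the service provider
    verdict = "single-source" if share >= dominant_share else "many-sources"
    return {"total": total, "distinct": len(sources), "top": top,
            "share": share, "verdict": verdict}

# Constructed sample captures (documentation address ranges, not real hosts).
def _line(i, src, dst="198.51.100.5"):
    return (f"23:13:18.{i:06d} IP {src} > {dst}: "
            f"ICMP echo request, id 77, seq {i}, length 64")

REPLY = "23:13:18.000100 IP 198.51.100.5 > 192.0.2.10: ICMP echo reply, id 77, seq 0, length 64"
SAMPLE_SAME = [_line(i, "192.0.2.10") for i in range(19)] + [_line(19, "203.0.113.9"), REPLY]
SAMPLE_SPREAD = [_line(i, f"203.0.113.{i + 1}") for i in range(20)]

if __name__ == "__main__":
    for name, cap in (("same", SAMPLE_SAME), ("spread", SAMPLE_SPREAD)):
        print(name, triage_ping_flood(cap, "198.51.100.5"))
```

Keep the raw capture with its timestamps: it is what the other site's admins or the provider's security department will ask for.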
