16 Sep
1996
16 Sep
'96
11:29 p.m.
Paul A Vixie writes:
If Cisco routers had TCPDUMP capability this would be a lot simpler. If all the routers in the universe had TCPDUMP, and all the router operators had eachother's phone numbers, we could track this to the source in less than five minutes. Alas, the misfit teenagers of the underworld have caught us without any of the tools we need be able to track this down.
The attacks will show up in Cisco netflow switching exports though. ftp://ftp.net.ohio-state.edu/users/maf/priv/flow.tar is the start of a toolkit. -- mark