15 Aug
1997
15 Aug
'97
3:03 p.m.
Josh Beck writes:
I think it's critical that routers be capable of logging the hardware addresses of ICMP, along with source addresses, so that these attacks can be traced across shared media at exchanges.
ICMP is only one of a dozen ways to attack people. There is no point in specially targetting ICMP. Unfortunately, it is, in practice, impossible to log ALL the traffic across a very busy router at an exchange point. In my opinion, the only long term solution here is software that is "smart" about tracebacks -- that is, can be directed in real time to log certain classes of traffic. Perry