On Mon, 8 Jul 1996, George Eddy wrote:
yes, forging a ping attack is pretty easy and can be done from anywhere with any source address (of course, who knows where the responses will end up), the routing proximity is irrelevant, since the source is not looked at (unless filters have been put in place, such as what the upstream provider has apparently done).
the only _I can think of_ in tracking it down, would be to backtrack the possible paths into the router. either by sniffing the possible lines coming into router, or by temporarily disabling icmp echo reqs. from all but one incoming line, until you've found the offending line, continuing back.
of course this may be impossible in many cases since you probably don't have access to the equipment (or cooperation) outside of your domain.
OK. So what if somebody is currently planning a ping battle on the global Internet, kind of like corewars in the network. Then what? Do the NSP's all roll over and play dead? If I were to crosspost this reply to alt.2600 it wouldn't take long to happen you know. BTW, I won't be crossposting it there, but you get the idea, security by obscurity, etc... Is anyone working on tools to help NSP's quickly backtrack this kind of thing?

Michael Dillon                    ISP & Internet Consulting
Memra Software Inc.               Fax: +1-604-546-3049
http://www.memra.com              E-mail: michael@memra.com
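
The hop-by-hop backtracking described in the quoted reply, as an added example that is not part of either post: starting at the router nearest the victim, follow the incoming line that carries most of the echo requests until the trail leaves your own domain. Router names, line names, counter values and the 80% dominance threshold are all assumptions constructed for illustration.

```python
# Constructed sample data: ICMP echo requests toward the victim seen on each
# incoming line of each router during one sampling interval (hypothetical names).
ECHO_REQS = {
    "core1": {"to-edge1": 40, "to-edge2": 98000, "to-cust7": 12},
    "edge2": {"to-peerA": 97500, "to-cust3": 300},
}

# Router at the far end of each line; None means the line leaves our domain,
# where we have no access to equipment or counters.
UPSTREAM = {
    ("core1", "to-edge1"): "edge1",
    ("core1", "to-edge2"): "edge2",
    ("core1", "to-cust7"): None,
    ("edge2", "to-peerA"): None,
    ("edge2", "to-cust3"): None,
}


def backtrack(start, counters, upstream, min_share=0.8):
    """Walk back from `start` along the dominant ingress line at each hop.

    Returns (path, status): path is a list of (router, line) pairs and status
    is "left-domain", "ambiguous", "no-data" or "loop". The source address is
    never consulted, since a forged flood makes it meaningless.
    """
    path, seen, router = [], set(), start
    while True:
        if router in seen:
            return path, "loop"          # inconsistent topology data
        seen.add(router)
        lines = counters.get(router)
        if not lines:
            return path, "no-data"       # no counters collected on this router
        total = sum(lines.values())
        line, count = max(lines.items(), key=lambda kv: kv[1])
        if total == 0 or count / total < min_share:
            return path, "ambiguous"     # no single line stands out
        path.append((router, line))
        nxt = upstream.get((router, line))
        if nxt is None:
            return path, "left-domain"   # hand off to the neighbouring operator
        router = nxt


if __name__ == "__main__":
    print(backtrack("core1", ECHO_REQS, UPSTREAM))
```

A "left-domain" result names the last line you control, which is the point where cooperation from the neighbouring network is needed to continue.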