Re: New Internet-draft on DDOS defense...
12 May
2000
12 May
'00
11:08 a.m.
On Thu, 11 May 2000, Owen DeLong wrote:
Right answer, wrong reason. The originating host will be easy to identify because the MAC address of the originating machine of the ECHO-REQUEST packets will be contained in the packets.
I have to strongly disagree, MAC addresses don't make it across router boundaries, source IP addresses do.
Besides, MAC addresses are quite often changeable.
Source IP's are even easier to modify than source MAC addresses. However, at least on a switched LAN, most switches provide some way to show the MAC forwarding table. As such, you can at least isolate which port the packets are originating from. Owen
8992
Age (days ago)
8992
Last active (days ago)
0 comments
1 participants
participants (1)
-
owen@dixon.delong.sj.ca.us