From: Albert Lu (albert_lu@optushome.com.au)
Date: Mon Feb 24 2003 - 14:11:46 GMT-3
Hi Tony,
Try ACL with ACL logging. This should log any violations with their IP
address. Remember to turn on accounting for the interface. Take a look at
the DocCD, that should give you good examples.
Albert
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Tony Kwok
Sent: Tuesday, February 25, 2003 2:14 AM
To: ccielab@groupstudy.com
Subject: Question about the ICMP attack
Dear all,
I have the following case. Pls suggest the solution.
Supposing that one of my network interface is
attacking by ICMP and I would like to pick those guys
out by knowing their address. In addition, is there
any method to identity which one is the most frequency
attack to this interface?
In my idea, I think the Netflow will be suitable
solution. But I find netflow cannot show up the path
for the ICMP and also it need to export the data out
to other server. Pls correct me if I have any
overlook. Thx.
Regards,
Tony
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:33 GMT-3