From: Mustafa M Bayramov (spyroot@azeronline.com)
Date: Mon Feb 24 2003 - 16:42:49 GMT-3
You can slowdown ICMP flood by implementing CAR on ingress interface
And you should understand if the attacker flood you hi will use spoofed
IP address. If the attacker host has more bandwidth then you can only
ask your upstream provider to implement ICMP traffic reduction (CAR).
The same protection scenario you can implement to UDP flood.
Regards
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tony Kwok
Sent: Monday, February 24, 2003 7:14 AM
To: ccielab@groupstudy.com
Subject: Question about the ICMP attack
Dear all,
I have the following case. Pls suggest the solution.
Supposing that one of my network interface is
attacking by ICMP and I would like to pick those guys
out by knowing their address. In addition, is there
any method to identity which one is the most frequency
attack to this interface?
In my idea, I think the Netflow will be suitable
solution. But I find netflow cannot show up the path
for the ICMP and also it need to export the data out
to other server. Pls correct me if I have any
overlook. Thx.
Regards,
Tony
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:33 GMT-3