From lucas@wasteland.org  Sun Sep 15 14:04:00 1996
Received: from wrath.netline.net (lucas@srq14.netline.net [205.160.7.74]) by suburbia.net (8.7.4/Proff-950810) with SMTP id OAA05730 for <best-of-security@suburbia.net>; Sun, 15 Sep 1996 14:03:51 +1000
Received: from localhost (lucas@localhost) by wrath.netline.net (8.6.12/8.6.9) with SMTP id AAA00297; Mon, 16 Sep 1996 00:03:56 -0400
X-Authentication-Warning: wrath.netline.net: lucas owned process doing -bs
Date: Mon, 16 Sep 1996 00:03:56 -0400 (EDT)
From: Synthesizer Punk <lucas@wasteland.org>
X-Sender: lucas@wrath.netline.net
To: route@onyx.infonexus.com
cc: best-of-security@suburbia.net
Subject: Re: BoS: ping flood
In-Reply-To: <19960915033427.29601.qmail@onyx.infonexus.com>
Message-ID: <Pine.LNX.3.95.960915235445.277B-100000@wrath.netline.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Sat, 14 Sep 1996 route@onyx.infonexus.com wrote:
:	Ping floods are *always* barrages of ICMP_ECHO packets.

	Well, just goes to show my lack of knowledge in the ICMP protocol.
	Still putting off my purchase of TCP/IP Illustrated I....

:	If the ping flood is done right, the source address will be spoofed, and
:	random enough that blocking a single class C would be ineffectual.  The
:	only choice here is to drop all ICMP_ECHO traffic at the NAP.
	
	Widening the subject field, I'd like to bring up the fact that ICMP
isn't the only protocol being abused in order to stop the flow of data on
networks... UDP seems to be popular these days, and little lovely programs such
as octopus just create a buttload of socket connections.  There are really two
kinds of flooder personas, the learned and the newbie... the newbie just pulls
something like ping -s 8096 or a few backgrounded ping -f's like my old ISP
used to do to kill off the local competition.  I was just a web guy then, and
now am quite ashamed of my association with such lowbrow tactics.  Then there's
the career criminal, the guy with IEF or something of similar nature that just
opens a raw socket and goes nuts...

	I'm not an expert, just telling what I know, which is quite limited
	when it comes to actual sockets and datagrams.

  cryptopsychonihilisticanarchaicstraightedgeinformationfreaksynthesizerpunk
  lucas@wasteland.org, ftp://valkyrie.wasteland.org, irc://irc.wasteland.org
    http://www.wasteland.org, Information enthusiast.  Wasteland leader.
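
The quoted point about spoofed sources can be checked against a packet log before choosing a filter: the sketch below measures how much echo-request traffic the busiest /24 source prefixes account for. It is an added example, not part of the original message; the record format, the 0.8 cutoff, the action names and the sample addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter

ICMP_ECHO = 8            # ICMP type 8 = echo request
PREFIX_SHARE_MIN = 0.8   # assumed cutoff: prefix blocks must cover 80% of the flood

def assess_echo_flood(records, top_n=3):
    """records: (source_ip, icmp_type) pairs taken from a packet log.

    Reports how much of the echo-request traffic the top_n busiest /24
    source prefixes account for, and which mitigation that supports.
    """
    echo_sources = [src for src, icmp_type in records if icmp_type == ICMP_ECHO]
    per_prefix = Counter(
        ipaddress.ip_network(f"{src}/24", strict=False) for src in echo_sources
    )
    top = per_prefix.most_common(top_n)
    share = sum(n for _, n in top) / len(echo_sources) if echo_sources else 0.0
    if not echo_sources:
        action = "none"                      # no echo requests in the log
    elif share >= PREFIX_SHARE_MIN:
        action = "block-source-prefixes"     # a few prefixes carry the flood
    else:
        action = "drop-icmp-echo-upstream"   # sources too scattered to block
    blocking = action == "block-source-prefixes"
    return {
        "echo_packets": len(echo_sources),
        "distinct_24s": len(per_prefix),
        "top_share": round(share, 3),
        "action": action,
        "prefixes": [str(p) for p, _ in top] if blocking else [],
    }

# Constructed sample 1: echo requests from two /24s, plus unrelated ICMP types.
CONCENTRATED = (
    [(f"192.0.2.{i % 200 + 1}", 8) for i in range(480)]
    + [(f"198.51.100.{i + 1}", 8) for i in range(20)]
    + [("203.0.113.5", 0), ("203.0.113.9", 3)]  # echo reply, unreachable: ignored
)
# Constructed sample 2: every packet claims a source in a different /24.
DISPERSED = [
    (f"10.{i % 250}.{(i * 7) % 256}.{(i * 13) % 254 + 1}", 8) for i in range(500)
]

if __name__ == "__main__":
    for name, sample in (("concentrated", CONCENTRATED), ("dispersed", DISPERSED)):
        print(name, assess_echo_flood(sample))
```
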
	

