Re: Tracing/finding smurf, DOS, Syn flooding, etc traffic

Glynn Clements (glynn@sensei.co.uk)
Sun, 14 Mar 1999 17:22:38 +0000 (GMT)


Adam Neat wrote:

> does anyone know of a way to easily trace syn flooding, dos, smurf and
> other types of traiffc on a network?

What do you mean by `trace'? If you want to find where it came from,
the answer is that you can't. Attacks which don't require the sender
to receive any data can (and therefore do) use a spoofed source
address.

ICMP-flooding attacks can be logged with icmplogd. There may be
something similar for SYN-flooding, but I don't know offhand.

-- 
Glynn Clements <glynn@sensei.co.uk>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu