Hamid, > Maybe a newbie question, but I was wondering if > back-tracing packets to its > source is a service provider requirement? I mean if > one of my hosts is being > attacked, for example a simple ICMP DoS attack, what > could I do if the service provider doesn't cooperate? Requirement? Not hardly. If you're experiencing an attack, you can (a) configure your own systems (routers, f/ws) to protect against it, and (b) *ask* your ISP to do the same. > I was wondering if there are certain procedures to > detect the source of attacks? What attacks? Things like ICMP DoS and even UDP-based attacks like Slammer are relatively easy to spoof...TCP-based attacks (except for things like SYN flooding) are more difficult. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 16:24:45 PST