From: McCallum, Robert (Robert.McCallum@let-it-be-thus.com)
Date: Mon Feb 24 2003 - 14:15:39 GMT-3
I think you actually require an IDS to do this
> -----Original Message-----
> From: Tony Kwok [mailto:sykwok8@yahoo.com]
> Sent: 24 February 2003 15:14
> To: ccielab@groupstudy.com
> Subject: Question about the ICMP attack
>
>
> Dear all,
>
> I have the following case. Pls suggest the solution.
>
> Supposing that one of my network interface is
> attacking by ICMP and I would like to pick those guys
> out by knowing their address. In addition, is there
> any method to identity which one is the most frequency
> attack to this interface?
>
> In my idea, I think the Netflow will be suitable
> solution. But I find netflow cannot show up the path
> for the ICMP and also it need to export the data out
> to other server. Pls correct me if I have any
> overlook. Thx.
>
> Regards,
> Tony
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:33 GMT-3