[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

backtracking forged packets?

Subject: backtracking forged packets?
From: cpolish at surewest.net (cpolish at surewest.net)
Date: Mon, 16 Mar 2020 19:18:33 -0700
In-reply-to: <CAP-guGVJ6onnkWmLCg60_c5C_X0CNU4Nm=262yMrKLgXXrChtQ@mail.gmail.com>
References: <CAP-guGVJ6onnkWmLCg60_c5C_X0CNU4Nm=262yMrKLgXXrChtQ@mail.gmail.com>

On 2020-03-13 23:23, William Herrin wrote:
> Can anyone suggest tools, techniques and helpful contacts for
> backtracking spoofed packets? At the moment someone is forging TCP
> syns from my address block. I'm getting the syn/ack and icmp
> unreachable backscatter. Enough that my service provider briefly
> classified it a DDOS. I'd love to find the culprit.

FWIW, Bellovin et al proposed an ICMP traceback mechanism in 2001
( https://tools.ietf.org/html/draft-ietf-itrace-04 ), but it seems
not to have progressed. Abstract:

     It is often useful to learn the path that packets take through the
     Internet, especially when dealing with certain denial-of-service
     attacks. We propose a new ICMP message, emitted randomly by routers
     along the path and sent randomly to the destination (to provide
     useful information to the attacked party) or to the origin (to
     provide information to decipher reflector attacks).

-- 
Chuck Polisher

References:
- backtracking forged packets?
  - From: bill at herrin.us (William Herrin)

Prev by Date: COVID-19 vs. our Networks
Next by Date: COVID-19 vs. our Networks
Previous by thread: backtracking forged packets?
Next by thread: backtracking forged packets?
Index(es):
- Date
- Thread