Re: ICMP traceback

Discussion in 'Cisco' started by Terry Baranski, Jun 20, 2004.

  1. On Sat, 19 Jun 2004 22:38:52 -0700, Tejas Kokje <> wrote:

    >Hi,
    >
    >For ICMP traceback why do we need "large unused address space" ? Does
    >that mean that attackers(of DDOS) always use unused address space for
    >attacking ?


    The belief is that spoofed attacks tend to use all address space;
    i.e., randomized addresses throughout all IPv4 address space or at
    least up to 224/8. So if you route a large block of unallocated
    address space for traceback in your network, statistically some of the
    attack packets will be sourced by that address space, so the
    unreachables generated by the null0/discard route will be sent to your
    sinkhole. You wouldn't want to use an allocated address block here as
    it could affect how your network routes legitimate traffic sent to
    those addresses.

    -Terry
    Terry Baranski, Jun 20, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. PJML
    Replies:
    4
    Views:
    745
  2. Henrik Koksby Hansen

    Cisco 678 CBOS 2.4.6 problems with icmp ...

    Henrik Koksby Hansen, Oct 16, 2003, in forum: Cisco
    Replies:
    0
    Views:
    488
    Henrik Koksby Hansen
    Oct 16, 2003
  3. Henrik Koksby Hansen

    Cisco 67x and icmp ...

    Henrik Koksby Hansen, Oct 20, 2003, in forum: Cisco
    Replies:
    1
    Views:
    421
    Walter Roberson
    Oct 20, 2003
  4. Douw Gerber
    Replies:
    1
    Views:
    566
    Richard Deal
    Nov 13, 2003
  5. Scott Townsend
    Replies:
    2
    Views:
    10,049
    Scott Townsend
    May 4, 2006
Loading...

Share This Page