Hi,
since we have seen the nice C stubs, we can do anything with it,
right?
I would add a third (my) strategy: reply nothing and start a process
(just a rough C program) to analyze as fast and precisely as possible
(tracerouting, hop-count variation) where it comes from, what
gateways it uses, and mail it to root. The next morning you have your
collection of insomniacs in your mail, traced down to the origin.
A friendly mail to the domain's contact will clear up whether it was a masked
address, or it informs the foreign domain contact that somebody
within his area of responsibility is monkeying around.
In case of repetition: mail to CERT.
I would never honor a request with a confirming message like "Hi,
welcome to your point of destination, now try just a little bit
harder" (ICMP unreachable, redirect etc.).
There is, however, a compromise to be made:
TCP connection resets to well-known sockets are difficult to
eliminate, since some are useful for public contact. Here, I think, only the
pure conservative passive TTDS approach helps: trace, track,
document, snitch.
Mike
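The passive "trace, track, document" step of the strategy above, as an added example that is not part of the original post or any system it mentions: it parses constructed packet-filter log lines of dropped, unanswered probes, groups them by source, estimates the hop distance from the TTL each packet arrived with (assuming the sender started from one of the common initial TTLs 32, 64, 128 or 255), flags a source whose probes imply different initial TTLs or widely varying hop counts (a hint of a spoofed or masked address rather than one machine), and builds the report that would go to root. The log format, the `traceroute` invocation and the sendmail path are assumptions; nothing is ever sent back to the probing host in reply to the probe itself.

```python
"""Passive trace/track/document of unanswered probes from a packet-filter log.
Added example; the log format below is an assumption, not any real tool's."""
import re
import subprocess
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample lines (assumed format): one dropped probe per line, with
# the IP TTL the packet still had when it reached us.
SAMPLE_LOG = """\
Mar  2 02:13:41 gw pf: DROP src=192.0.2.7 dst=203.0.113.5 proto=tcp dport=25 ttl=49
Mar  2 02:13:42 gw pf: DROP src=192.0.2.7 dst=203.0.113.5 proto=tcp dport=80 ttl=49
Mar  2 02:13:45 gw pf: DROP src=192.0.2.7 dst=203.0.113.5 proto=tcp dport=23 ttl=48
Mar  2 02:20:10 gw pf: DROP src=198.51.100.9 dst=203.0.113.5 proto=icmp type=8 ttl=117
Mar  2 02:20:11 gw pf: DROP src=198.51.100.9 dst=203.0.113.5 proto=tcp dport=139 ttl=240
"""

LINE_RE = re.compile(
    r"DROP src=(?P<src>[\d.]+) .*?proto=(?P<proto>\w+)"
    r"(?: (?:dport|type)=(?P<svc>\d+))?.*? ttl=(?P<ttl>\d+)"
)

# Initial TTLs most IP stacks start from; used to turn an observed TTL into
# a hop-count estimate ("hop-count variation" in the post).
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def estimate_hops(ttl: int) -> tuple[int, int]:
    """Return (assumed initial TTL, estimated hops) for an observed TTL,
    assuming the smallest common initial TTL that is >= the observed one."""
    if not 0 <= ttl <= 255:
        raise ValueError(f"bad TTL {ttl}")
    init = next(i for i in COMMON_INITIAL_TTLS if ttl <= i)
    return init, init - ttl


@dataclass
class SourceRecord:
    probes: int = 0
    targets: set = field(default_factory=set)        # "tcp/25", "icmp/8", ...
    initial_ttls: set = field(default_factory=set)   # assumed initial TTLs seen
    hops: set = field(default_factory=set)           # hop-count estimates seen

    def suspicious(self) -> bool:
        """Different initial TTLs from one address mean different stacks
        (several hosts, or forged packets); hop counts that jump by more than
        a couple also do not look like one machine on one route."""
        if len(self.initial_ttls) > 1:
            return True
        return bool(self.hops) and max(self.hops) - min(self.hops) > 2


def track(log_text: str) -> dict[str, SourceRecord]:
    """Group dropped probes by source address, recording what was poked at
    and the hop distance each packet implies."""
    records: dict[str, SourceRecord] = defaultdict(SourceRecord)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = records[m["src"]]
        rec.probes += 1
        rec.targets.add(f"{m['proto']}/{m['svc'] or '-'}")
        init, hops = estimate_hops(int(m["ttl"]))
        rec.initial_ttls.add(init)
        rec.hops.add(hops)
    return dict(records)


def report(records: dict[str, SourceRecord]) -> str:
    """Plain-text summary for root, busiest source first."""
    lines = ["Unanswered probes, traced passively (TTL-based hop estimates):"]
    for src, rec in sorted(records.items(), key=lambda kv: -kv[1].probes):
        lo, hi = min(rec.hops), max(rec.hops)
        hop_txt = f"~{lo}" if lo == hi else f"~{lo}-{hi}"
        flag = "  ** inconsistent TTLs: spoofed/masked source? **" if rec.suspicious() else ""
        lines.append(f"{src}: {rec.probes} probes to {', '.join(sorted(rec.targets))}; "
                     f"{hop_txt} hops (initial TTL {sorted(rec.initial_ttls)}){flag}")
    return "\n".join(lines)


def traceroute(src: str, max_hops: int = 30, timeout: int = 120) -> str:
    """Active follow-up toward the source (the gateways it sits behind).
    Assumes a system traceroute accepting -n and -m; never run in the test."""
    try:
        out = subprocess.run(["traceroute", "-n", "-m", str(max_hops), src],
                             capture_output=True, text=True, timeout=timeout)
        return out.stdout
    except (FileNotFoundError, subprocess.TimeoutExpired) as exc:
        return f"traceroute {src}: {exc}"


def mail_root(text: str, sendmail: str = "/usr/sbin/sendmail") -> None:
    """Hand the report to root through the local MTA (path is an assumption)."""
    msg = "To: root\nSubject: probe report\n\n" + text + "\n"
    subprocess.run([sendmail, "-t"], input=msg, text=True, check=True)


if __name__ == "__main__":
    print(report(track(SAMPLE_LOG)))
```

In the constructed input the first source sends three TCP probes whose TTLs all fit one initial TTL of 64 at 15 or 16 hops, so it reads as one machine; the second source's two packets imply initial TTLs of 128 and 255, which one stack does not do, so it is flagged for the "masked address" follow-up the post describes.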