Security Incidents mailing list archives
RE: Attacks on GRC.com
From: Shwaine <shwaine () malevolence com>
Date: Thu, 28 Feb 2002 13:23:36 -0800
In the grad class I took last spring on Internet protocols and security, this kind of attack was called a "reflective distributed denial of service attack". There is plenty of research into how to trace forged packets back to their original source, called IP Traceback. There is also an IETF working group on a type of IP Traceback called ICMP Traceback, http://www.ietf.org/html.charters/itrace-charter.html.

One issue with reflective DDoS attacks is that traditional IP Traceback protocols usually only send the itrace messages either to the destination IP or along with the packet, which means that the reflectors, not the victim, get the itrace messages about the path(s) to the actual attacker.

The topic came up in that class I took about perhaps sending the itrace messages to both the source and destination IPs, which would send itrace messages to the victim in reflective DDoS (since the spoofed source IP is the victim's along the path from the attacker to the reflector), but could also lead to increased traffic depending on implementation. I am not sure if this idea is being researched at the moment.

Shwaine
--------------------------------------------------------------
http://www.malevolence.com
http://www.shwaine.com
telnet://shwaine.dyn.greystoneapts.com:3000
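The delivery problem described in the message above, as an added simulation that is not part of the original post. The topology, router names, packet count and sampling probability are constructed assumptions, and the model is a simplification rather than the IETF itrace draft's actual message format.

```python
import random
from collections import defaultdict

# Constructed topology: attacker -> R1 -> R2 -> reflector -> R3 -> R4 -> victim
ATTACK_PATH = ["R1", "R2"]   # routers that see the spoofed request
REPLY_PATH = ["R3", "R4"]    # routers that see the reflector's genuine reply


def simulate(mode, packets=20000, p=0.01, seed=1):
    """Model routers that sample packets with probability p and emit a
    traceback message about themselves.

    mode "dst":     message goes to the packet's destination only.
    mode "src+dst": message goes to both header addresses.
    Returns (inbox, total): routers each host heard from, messages sent.
    """
    rng = random.Random(seed)          # seeded so both modes sample identically
    inbox = defaultdict(set)
    total = 0
    legs = [
        # (source address in header, destination address, routers on path)
        ("victim", "reflector", ATTACK_PATH),   # source is forged as the victim
        ("reflector", "victim", REPLY_PATH),    # reply carries real addresses
    ]
    for _ in range(packets):
        for src, dst, path in legs:
            for router in path:
                if rng.random() >= p:
                    continue               # packet not sampled at this hop
                recipients = [dst] if mode == "dst" else [dst, src]
                for host in recipients:
                    inbox[host].add(router)
                    total += 1
    return inbox, total


def victim_learns_attack_path(mode):
    """True if the victim hears from every router on the attacker's side."""
    inbox, _ = simulate(mode)
    return set(ATTACK_PATH) <= inbox["victim"]


if __name__ == "__main__":
    for mode in ("dst", "src+dst"):
        inbox, total = simulate(mode)
        print(mode, "victim hears from", sorted(inbox["victim"]),
              "| messages sent:", total)
```

In this model the destination-only mode gives the victim messages only from the reflector-side routers, while the source-and-destination mode adds the attacker-side routers at the cost of twice as many traceback messages.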