nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Forwarded: 47th IETF: ITRACE BOF

From: "Steven M. Bellovin" <smb () research att com>
Date: Wed, 01 Mar 2000 19:55:17 -0500


------- Forwarded Message

Return-Path: <ietf-123-owner () loki ietf org>
Received: from postal.research.att.com
        by fetchmail-4.5.7 POP3
        for <smb/localhost> (single-drop); Wed, 01 Mar 2000 19:23:02 EST
Received: from mail-green.research.att.com (mail-green.research.att.com [135.207.30.103])
        by postal.research.att.com (8.8.7/8.8.7) with ESMTP id TAA10215
        for <smb () postal research att com>; Wed, 1 Mar 2000 19:20:12 -0500 (EST)
Received: by mail-green.research.att.com (Postfix)
        id 1F98A1E032; Wed,  1 Mar 2000 19:20:12 -0500 (EST)
Received: from loki.ietf.org (loki.ietf.org [132.151.1.177])
        by mail-green.research.att.com (Postfix) with ESMTP
        id 10D301E036; Wed,  1 Mar 2000 19:20:07 -0500 (EST)
Received: (from adm@localhost)
        by loki.ietf.org (8.9.1b+Sun/8.9.1) id SAA05354
        for ietf-123-outbound.01 () ietf org; Wed, 1 Mar 2000 18:25:00 -0500 (EST)
Received: from ietf.org (odin.ietf.org [10.27.2.28])
        by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id SAA05280
        for <all-ietf () loki ietf org>; Wed, 1 Mar 2000 18:13:06 -0500 (EST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1])
        by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA16131;
        Wed, 1 Mar 2000 18:13:04 -0500 (EST)
Delivered-To: smb () research att com
Message-Id: <200003012313.SAA16131 () ietf org>
To: IETF-Announce: ;
From: ietf-secretariat () ietf org
Cc: new-work () ietf org
Subject: 47th IETF: ITRACE BOF
Date: Wed, 01 Mar 2000 18:13:03 -0500
Sender: mbeaulie () cnri reston va us
Content-Type: text
X-UIDL: de9f75cb7001aedbabad2854bdf994cd

ICMP Traceback BOF (itrace)

Thursday, March 30 at 1530-1730
===============================

CHAIR: Steve Bellovin <smb () research att com>

DESCRIPTION:

The purpose of the BoF is to look at a mechanism to help address the 
problem of tracing back denial of service attacks.  The suggested
mechanism is that with low probability (order 1/20,000), a router
seeing a packet would send to the destination an ICMP message giving
as much information as it knows about the immediate previous hop of 
that packet.  With enough of these messages -- and if one is being 
flooded, by definition there will be a lot of traffic, so that the 
low probabilities will still result in a reasonably complete set of 
traceback packets.

Such a mechanism has other uses as well.  It lets people trace down
the source of accidentally-emitted bogus packets, i.e., those with
RFC1918 addresses.  It helps characterize the reverse path, which
traceroute does not do.

The output will be a standards-track RFC describing the packet format, 
and the conditions under which it should be sent.  Issues include 
authentication, router load, and host load.

AGENDA:

  Introduction, motivation        15 min
  Marcus Leech's prototype        20 min
  Open issues list                30 min
  Charter                         20 min



------- End of Forwarded Message



                --Steve Bellovin
Previous By Date Next
Previous By Thread Next

Current thread: