nanog mailing list archives

Re: New Internet-draft on DDOS defense...


From: "Vipul Shah" <svipul () novell com>
Date: Thu, 11 May 2000 06:00:39 -0600


The solution suggested by RFC2644 is for routers only, while the proposed solution is intended for end-nodes.

If a DDoS Smurf attack is generated using local broadcast, the RFC2644 solution won't prevent the attack. Read carefully the
last paragraph of Section 1 of the draft.

Vipul


Paul Ferguson <ferguson () cisco com> 05/11/00 05:14PM >>>
How is this substantially different than RFC2644, "Changing
the Default for Directed Broadcasts in Routers"?

  http://www.ietf.org/rfc/rfc2644.txt 

- paul


At 10:13 PM 05/10/2000 -0600, Vipul Shah wrote:


Hi All,

I'd like to bring your attention to a recent Internet-draft.  The URL is:

http://www.ietf.org/internet-drafts/draft-vshah-ddos-smurf-00.txt 

This draft proposes a specific (simple) change to RFC1122 which would
help reduce the use of Smurf amplification in DDOS attacks.  This
augments ingress filtering; it is designed specifically for the case
where the attacker (source) is using broadcast on the local LAN as
part of a DDOS attack.  This is a case where ingress filtering does
not help.

We are proposing that it be an addition to the standard set by
RFC1122.  We'd very much like to hear comments from people on this draft.

Vipul
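
Added example, not part of this thread or of the draft: a small Python model of the argument above, comparing the router-side RFC2644 default (no forwarding of directed broadcasts) against an end-node policy for an attacker on the LAN. Assumptions: the sample LAN, hosts and victim address are constructed, and the draft's end-node change is modelled as hosts silently discarding echo requests sent to a broadcast address (RFC1122 section 3.2.2.6 already permits this as a MAY); what the draft itself specifies is not quoted on this page.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample LAN (TEST-NET-1) with three hosts; all values are assumptions.
LAN = ipaddress.ip_network("192.0.2.0/24")
LAN_HOSTS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

@dataclass(frozen=True)
class EchoRequest:
    src: str     # source address written in the packet (spoofed to the victim)
    dst: str     # destination address
    origin: str  # "wan": reached the LAN's router from outside; "lan": emitted on the LAN itself

def is_broadcast(dst: str) -> bool:
    addr = ipaddress.ip_address(dst)
    return addr == LAN.broadcast_address or addr == LIMITED_BROADCAST

def router_forwards(pkt: EchoRequest, rfc2644_default: bool) -> bool:
    """Router-side defense. With the RFC2644 default the router does not forward
    directed broadcasts arriving from outside. A packet emitted on the LAN never
    passes through the router, so the router setting cannot affect it."""
    if pkt.origin == "lan":
        return True
    return not (rfc2644_default and is_broadcast(pkt.dst))

def host_replies(pkt: EchoRequest, host: str, discard_broadcast_echo: bool) -> bool:
    """End-node policy (assumed model of the draft's change). Hosts answer echo
    requests addressed to them; answering echo requests sent to a broadcast
    address is the knob RFC1122 3.2.2.6 leaves as MAY discard."""
    if is_broadcast(pkt.dst):
        return not discard_broadcast_echo
    return pkt.dst == host

def replies_to_spoofed_source(pkt: EchoRequest, rfc2644_default: bool,
                              discard_broadcast_echo: bool) -> int:
    """Echo replies the address in pkt.src receives for one request (the amplification)."""
    if not router_forwards(pkt, rfc2644_default):
        return 0
    return sum(host_replies(pkt, h, discard_broadcast_echo) for h in LAN_HOSTS)

if __name__ == "__main__":
    victim = "198.51.100.7"  # constructed victim address (TEST-NET-2)
    directed = EchoRequest(victim, str(LAN.broadcast_address), "wan")
    local = EchoRequest(victim, str(LAN.broadcast_address), "lan")
    for name, pkt in (("directed broadcast", directed), ("local broadcast", local)):
        print(name, "| RFC2644 only:", replies_to_spoofed_source(pkt, True, False),
              "| RFC2644 + end-node discard:", replies_to_spoofed_source(pkt, True, True))
```

With the RFC2644 default alone the directed-broadcast case yields zero replies but the local-broadcast case still yields one reply per host; only the end-node policy drives the local case to zero.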
