Security Incidents mailing list archives
Re: Attacks on GRC.com
From: Vern Paxson <vern () icir org>
Date: Thu, 28 Feb 2002 17:24:58 -0800
One issue with reflective DDoS attacks is that traditional IP Traceback protocols usually only send the itrace messages either to the destination IP or along with the packet, which means that the reflectors, not the victim, get the itrace messages about the path(s) to the actual attacker. The topic came up in that class I took about perhaps sending the itrace messages to both the source and destination IPs, which would send itrace messages to the victim in reflective DDoS (since the spoofed source IP is the victim's along the path from the attacker to the reflector), but could also lead to increased traffic depending on implementation. I am not sure if this idea is being researched at the moment.
See my paper: An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, V. Paxson, Computer Communication Review 31(3), July 2001. http://www.icir.org/vern/papers/reflectors.CCR.01/index.html - Vern ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Attacks on GRC.com Vern Paxson (Mar 01)