Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Attacks on GRC.com

From: Vern Paxson <vern () icir org>
Date: Thu, 28 Feb 2002 17:24:58 -0800
One issue with reflective DDoS attacks is that traditional IP Traceback 
protocols usually only send the itrace messages either to the destination 
IP or along with the packet, which means that the reflectors, not 
the victim, get the itrace messages about the path(s) to the actual 
attacker.  The topic came up in that class I took about perhaps sending 
the itrace messages to both the source and destination IPs, which 
would send itrace messages to the victim in reflective DDoS (since 
the spoofed source IP is the victim's along the path from the attacker 
to the reflector), but could also lead to increased traffic depending 
on implementation.  I am not sure if this idea is being researched 
at the moment.


See my paper:

        An Analysis of Using Reflectors for Distributed Denial-of-Service
        Attacks, V. Paxson, Computer Communication Review 31(3), July 2001.

        http://www.icir.org/vern/papers/reflectors.CCR.01/index.html

- Vern

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: