nanog mailing list archives
Re: NAP/ISP Saturation WAS: Re: Exchanges that matter...
From: David Schwartz <davids () wiznet net>
Date: Fri, 20 Dec 1996 17:26:12 -0500 (EST)
3) Deal with it legally. This is what the telco's do. It implies that we would need real mechanisms for tracking down offenders.
Personally, I'd like to see a protocol that allows you to ask a router to which you were directly connected to stamp an interface ID on all incoming packets bound for a particular network. You could then trace back router by router, interface by interface, where the packets were entering a block of cooperating providers. Thus if I saw an incoming flood of SYN packets or ICMP echoes with forged origin addresses, I could ask my router to ask all its direct peers to begin stamping interface numbers (and/or interface IPs) on the packets they send to me. My router would eat those numbers/IPs so traffic would appear unaffected. Then my tracing tool would know which interface the packets were coming in on and could ask that router to do the same thing (on a hop-by-hop basis for security reasons). Thus I could track it back to a specific enough interface path that perhaps an automated method to install a filter would be sufficient. This stuff needs a lot of work, but might be a direction that would both facilitate emergency filtering and effective tracing for IP packets with forged origin addresses -- assuming the packets have enough in common to allow them to be detected (all pings, or heavy load, or all to same destination IP). David Schwartz - - - - - - - - - - - - - - - - -
Current thread:
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter..., (continued)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Paul A Vixie (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Jim Van Baalen (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Tony Li (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Alex.Bligh (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Avi Freedman (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Alex.Bligh (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Ophir Ronen (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Tony Li (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Michael Dillon (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Tony Li (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... David Schwartz (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Alan Hannan (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... David Schwartz (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Brett L. Hawn (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Alan Hannan (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Brett L. Hawn (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Jon Zeeff (Dec 21)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Michael Dillon (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Curtis Villamizar (Dec 20)
- DoS Attacks Robert Laughlin (Dec 20)
- Re: NAP/ISP Saturation WAS: Re: Exchanges that matter... Curtis Villamizar (Dec 20)