nanog mailing list archives
Re: Is there a line of defense against Distributed Reflective attacks?
From: "Christopher L. Morrow" <chris () UU NET>
Date: Fri, 17 Jan 2003 18:58:47 +0000 (GMT)
On Fri, 17 Jan 2003, David G. Andersen wrote:
> On Fri, Jan 17, 2003 at 06:38:08PM +0000, Christopher L. Morrow mooed:
> >> has something called Source Path Isolation Engine (SPIE). There
> >
> > This would be cool to see a design/whitepaper for.. Kelly?
>
> The long version of the SPIE paper is at:
>
>   http://nms.lcs.mit.edu/~snoeren/papers/spie-ton.html
>
> The two second summary that I'll probably botch: SPIE keeps a (very tiny) hash of each packet that the router sees. If you get an attack packet, you can hand it to the router and ask "From where did this come?" And then do so to the next router, and so on.
>
> The beauty of the scheme is that you can use it to trace single-packet DoS or security attacks as well as flooding attacks. The downside is that it's hardware.
This sounds like Steve Bellovin's thing called 'icmp traceback' where you make up a new icmp type message and send that query through the system, hop by hop... though I say that after only reading your blurb, not the paper :) As I recall the icmp thing (that might NOT have been all Steve, I just heard him present it once) was a problem from a memory and processing perspective, not to mention 'no router does this today' so it's a 3 year off feature addition... never mind the protocol additions :)