Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: NAP/ISP Saturation WAS: Re: Exchanges that matter...

  • From: David Schwartz
  • Date: Fri Dec 20 17:29:39 1996

> 3) Deal with it legally.  This is what the telco's do.  It implies that we
> would need real mechanisms for tracking down offenders.

	Personally, I'd like to see a protocol that allows you to ask a 
router to which you were directly connected to stamp an interface ID on 
all incoming packets bound for a particular network. You could then trace 
back router by router, interface by interface, where the packets were 
entering a block of cooperating providers.

	Thus if I saw an incoming flood of SYN packets or ICMP echoes 
with forged origin addresses, I could ask my router to ask all its direct 
peers to begin stamping interface numbers (and/or interface IPs) on the 
packets they send to me. My router would eat those numbers/IPs so traffic 
would appear unaffected.

	Then my tracing tool would know which interface the packets were 
coming in on and could ask that router to do the same thing (on a 
hop-by-hop basis for security reasons). Thus I could track it back to a 
specific enough interface path that perhaps an automated method to 
install a filter would be sufficient.

	This stuff needs a lot of work, but might be a direction that 
would both facilitate emergency filtering and effective tracing for IP 
packets with forged origin addresses -- assuming the packets have enough 
in common to allow them to be detected (all pings, or heavy load, or all 
to same destination IP).

	David Schwartz

- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.