Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Proposal for mitigating DoS attacks

  • From: Barry Shein
  • Date: Wed Jul 14 00:58:56 1999


How outlandish would it be (and I realize it'd have to be done in the
router software and all that implies) to just turn on source routing
on particular types of packets (e.g., ICMP) and, optionally, strip it
as it went out the edge routers? Would this really add all that much
to the total bandwidth?  I haven't looked at the overhead, but with a
max diameter of, say, 16 it'd be 64 (16x4) bytes plus whatever
overhead per (ICMP) packet, and that's pretty much a worst case. Then
packets could be easily analyzed at the target router and immediately
traced right back to the first "responsible" router very near the
source, probably at the origin site in most cases, bypassing any need
to trace in between.

And yes I mean all the time, not just when there's an attack in
progress.

But if it were stripped back to a regular ICMP packet before it went
out, e.g., a customer's T1 it wouldn't impose any burden on the
customer's last mile bandwidth, other than whatever processing is
involved in the router they're attached to, but I'll assume that's
insignificant from the point of view of that customer under normal
conditions.

-- 
        -Barry Shein

Software Tool & Die    | bzs@world.std.com          | http://www.world.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.