North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
!white.house, !panacea, new traceback paper from stefan savage
- From: k claffy
- Date: Mon Feb 14 16:00:16 2000
(not sure if this has been posted yet, sorry if so)
new relevant paper worth checking out by stefan savage et al
(david, ann, tom, all UW)
disclaimer, these folks just at the "explore the problem" stage
and not the "propose a complete implementation now" stage.
but exploring the problem
On Thu, Feb 10, 2000 at 05:14:56PM -0800, Stefan Savage wrote:
We've been doing some work on efficient network support
for tracing denial-of-service attacks and all of a sudden
the topic has some relevance (a strange experience as
a researcher ;-). Anyway, this seemed like a good time
to introduce our work and try to get some feedback on it.
We've put a copy of our paper at:
If you have a moment, we'd definitely appreciate any comments
you might have. We're also especially interested in getting
feedback from the ISP operations community and from equipment
vendors, so please feel free to forward this to anyone you
think might be interested. Thanks!
coauthor david wetherall <email@example.com>
(and anna and tom)
speaking of non-panaceas,
brett mentioned caida passive monitoring for security.
coralreef has some bits that can detect port-scanning and
then auto-trigger full framed collection on specific filter
but it's quite different animal from traceback
eg., what rstone's centertrack trying to do
(not sure where that stands wrt deployment)
or what ddrew's cisco-based DOStracker did for what's.now.cw.net
brettw also said
if we installed passive monitors on IX links between providers, we
might be able to do some interesting security traces.
reckon you[pl.]'d have to install a lot of them
and some facility for correlating among them
(and at least coral doesn't have any of that yet,
nor any kind of auto-paging when something looks suspicious)
again, nothing money & hardware & code & a NOC contact list
can't heavily dent in a year or 2 if folks wanted it badly enough.
and with other positive benefits to boot.
(in case folks think the malice of undersocial teenagers
is the biggest threat we face...)