[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freehaven-dev] itrace

Good thing we're relying on more protection than just spoofing:


ICMP Traceback BOF (itrace)

CHAIR: Steve Bellovin <smb@research.att.com>


The purpose of the BoF is to look at a mechanism to help address the 
problem of tracing back denial of service attacks.  The suggested
mechanism is that with low probability (order 1/20,000), a router
seeing a packet would send to the destination an ICMP message giving
as much information as it knows about the immediate previous hop of 
that packet.  With enough of these messages -- and if one is being 
flooded, by definition there will be a lot of traffic, so that the 
low probabilities will still result in a reasonably complete set of 
traceback packets.