[28645] in North American Network Operators' Group


New Internet-draft on DDOS defense...

daemon@ATHENA.MIT.EDU (Vipul Shah)
Thu May 11 00:15:59 2000

Message-Id: <s919df1a.075@prv-mail20.provo.novell.com>
Date: Wed, 10 May 2000 22:13:33 -0600
From: "Vipul Shah" <svipul@novell.com>
To: <nanog@merit.edu>
Cc: "Hilarie Orman" <HORMAN@novell.com>,
	"Jamshid Mahdavi" <MAHDAVI@novell.com>


Hi All,

I'd like to bring your attention to a recent Internet-draft.  The URL is:

http://www.ietf.org/internet-drafts/draft-vshah-ddos-smurf-00.txt

This draft proposes a specific (simple) change to RFC1122 which would
help reduce the use of Smurf amplification in DDOS attacks.  This
augments ingress filtering; it is designed specifically for the case
where the attacker (source) is using broadcast on the local LAN as
part of a DDOS attack.  This is a case where ingress filtering does
not help.

We are proposing that it be an addition to the standard set by
RFC1122.  We'd very much like to hear comments from people on this draft.

Vipul


