[28652] in North American Network Operators' Group


Re: New Internet-draft on DDOS defense...

daemon@ATHENA.MIT.EDU (Vipul Shah)
Thu May 11 08:13:18 2000

Message-Id: <s91a4def.034@prv-mail20.provo.novell.com>
Date: Thu, 11 May 2000 06:00:39 -0600
From: "Vipul Shah" <svipul@novell.com>
To: <ferguson@cisco.com>
Cc: <nanog@merit.edu>, "Hilarie Orman" <HORMAN@novell.com>,
	"Jamshid Mahdavi" <MAHDAVI@novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Errors-To: owner-nanog-outgoing@merit.edu


The solution suggested by RFC2644 is for routers only, while the proposed solution is intended for end-nodes.

If a DDoS Smurf attack is generated using local broadcast, the RFC2644 solution won't prevent the attack. Read carefully the last paragraph of Section 1 of the draft.

Vipul


>>> Paul Ferguson <ferguson@cisco.com> 05/11/00 05:14PM >>>
How is this substantially different than RFC2644, "Changing
the Default for Directed Broadcasts in Routers"?

  http://www.ietf.org/rfc/rfc2644.txt

- paul


At 10:13 PM 05/10/2000 -0600, Vipul Shah wrote:


>Hi All,
>
>I'd like to bring your attention to a recent Internet-draft.  The URL is:
>
>http://www.ietf.org/internet-drafts/draft-vshah-ddos-smurf-00.txt
>
>This draft proposes a specific (simple) change to RFC1122 which would
>help reduce the use of Smurf amplification in DDOS attacks.  This
>augments ingress filtering; it is designed specifically for the case
>where the attacker (source) is using broadcast on the local LAN as
>part of a DDOS attack.  This is a case where ingress filtering does
>not help.
>
>We are proposing that it be an addition to the standard set by
>RFC1122.  We'd very much like to hear comments from people on this draft.
>
>Vipul
>
>


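The end-node side of the argument above, as an added example that is not code from the draft or from anyone in this thread. The draft's own text is not on this page, so the example assumes the proposed RFC1122 change is that a host silently discards an ICMP Echo Request whose destination is a broadcast (or multicast) address instead of answering it, which RFC 1122 section 3.2.2.6 only permits as a MAY. It models a LAN where the attacker is a local host spoofing the victim's address as source: the packet never crosses an edge router, so RFC2644's directed-broadcast default is never consulted, and only the hosts' own behaviour decides whether the LAN acts as an amplifier. The LAN addresses, the victim address, the packets and the function names are all constructed for the demo.

```python
"""Added example: end-node discard of broadcast ICMP Echo Requests (Smurf amplifier).

Everything here is constructed for illustration: the 192.0.2.0/24 LAN, the victim
address 198.51.100.7 and the packets are demo assumptions, not data from the thread.
"""
import ipaddress
import struct

IPPROTO_ICMP = 1
ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum. Running it over data that already
    carries a correct checksum yields 0, which is how the receiver validates."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(src: str, dst: str, ident: int = 0x1234, seq: int = 1,
                       payload: bytes = b"constructed payload") -> bytes:
    """Build an IPv4 packet carrying an ICMP Echo Request with valid checksums.
    src is whatever the sender claims; a Smurf attacker puts the victim here."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                      IPPROTO_ICMP, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + icmp


def is_broadcast_destination(dst: ipaddress.IPv4Address,
                             iface: ipaddress.IPv4Interface) -> bool:
    """Limited broadcast, this interface's own subnet (directed) broadcast, or multicast."""
    return (dst == LIMITED_BROADCAST
            or dst == iface.network.broadcast_address
            or dst.is_multicast)


def host_reply_target(packet: bytes, iface: ipaddress.IPv4Interface,
                      discard_broadcast: bool):
    """What one end node does with an inbound packet: the address it would send an
    Echo Reply to, or None if it stays silent.

    discard_broadcast=False is the permissive RFC 1122 host that answers broadcast
    pings (the amplifier behaviour Smurf relies on); discard_broadcast=True is the
    end-node hardening assumed here for the draft's proposal."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_ICMP or checksum(packet[:ihl]) != 0:
        return None
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    icmp = packet[ihl:]
    if len(icmp) < 8 or checksum(icmp) != 0 or icmp[0] != ICMP_ECHO_REQUEST:
        return None
    if dst != iface.ip and not is_broadcast_destination(dst, iface):
        return None  # not addressed to this host at all
    if discard_broadcast and is_broadcast_destination(dst, iface):
        return None  # never answer a ping that arrived via broadcast
    return src       # the reply goes to the (spoofable) source address


def amplification(lan_hosts, packet: bytes, discard_broadcast: bool) -> dict:
    """Count how many LAN hosts answer one Echo Request, keyed by where the
    replies land (the spoofed victim in a Smurf attack)."""
    counts = {}
    for iface in lan_hosts:
        target = host_reply_target(packet, iface, discard_broadcast)
        if target is not None:
            counts[str(target)] = counts.get(str(target), 0) + 1
    return counts


# Constructed LAN: six end nodes on 192.0.2.0/24 (documentation prefix).
LAN = [ipaddress.IPv4Interface("192.0.2.%d/24" % i) for i in range(10, 16)]
VICTIM = "198.51.100.7"  # constructed victim address
# The attacker is on the LAN and spoofs the victim as source, so a router's
# RFC2644 "no directed broadcast" default never sees these packets.
SUBNET_BCAST = build_echo_request(VICTIM, "192.0.2.255")
LIMITED_BCAST = build_echo_request(VICTIM, "255.255.255.255")

if __name__ == "__main__":
    for name, pkt in (("subnet broadcast", SUBNET_BCAST),
                      ("limited broadcast", LIMITED_BCAST)):
        print(name, "permissive hosts:", amplification(LAN, pkt, False))
        print(name, "hardened hosts:  ", amplification(LAN, pkt, True))
```

With permissive hosts each broadcast ping produces one reply per host, all aimed at the spoofed source; with the discard in place the same packets produce none, while a unicast ping to a single host is still answered. That is the distinction the thread draws: RFC2644 stops the directed broadcast at the router on its way in, whereas a packet that is already on the LAN can only be neutralised by the hosts themselves.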

