[54800] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (David G. Andersen)
Fri Jan 17 01:30:40 2003
Date: Fri, 17 Jan 2003 01:29:54 -0500
From: "David G. Andersen" <dga@lcs.mit.edu>
To: nanog@merit.edu
Mail-Followup-To: "David G. Andersen" <dga@lcs.mit.edu>,
nanog@merit.edu
In-Reply-To: <20030117061114.GH61038@lcs.mit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, Jan 17, 2003 at 01:11:14AM -0500, David G. Andersen mooed:
>
> b) Ioannidis and Bellovin proposed a mechanism called "Pushback"
> for automatically establishing router-based rate limits to
> staunch packet flows during DoS attacks.
> [NDSS 2002, "Implementing Pushback: Router-Based Defense
> Against DDoS Attacks"]

I should have been a bit more accurate here. The proposal for
pushback is actually earlier than the implementation paper I cited above:

  "Controlling High Bandwidth Aggregates in the Network. Ratul Mahajan,
  Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, and Scott
  Shenker. July, 2001."

and it also included an internet-draft:

  http://www.aciri.org/floyd/papers/draft-floyd-pushback-messages-00.txt

I believe that Steve Bellovin gave a talk about it at NANOG 21:

  http://www.research.att.com/~smb/talks/pushback-nanog.pdf

-Dave (I'll learn not to send mail past midnight some day)

--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
I do not accept unsolicited commercial email. Do not spam me.