[54823] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (David G. Andersen)
Fri Jan 17 13:45:13 2003
Date: Fri, 17 Jan 2003 13:44:34 -0500
From: "David G. Andersen" <dga@lcs.mit.edu>
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: John Kristoff <jtk@aharp.is-net.depaul.edu>, nanog@merit.edu
Mail-Followup-To: "David G. Andersen" <dga@lcs.mit.edu>,
"Christopher L. Morrow" <chris@UU.NET>,
John Kristoff <jtk@aharp.is-net.depaul.edu>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.33.0301171752520.19744-100000@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, Jan 17, 2003 at 06:38:08PM +0000, Christopher L. Morrow mooed:
>
> > has something called Source Path Isolation Engine (SPIE). There
>
> This would be cool to see a design/whitepaper for.. Kelly?
The long version of the SPIE paper is at:
http://nms.lcs.mit.edu/~snoeren/papers/spie-ton.html
The two second summary that I'll probably botch: SPIE keeps a (very tiny)
hash of each packet that the router sees. If you get an attack packet,
you can hand it to the router and ask "From where did this come?"
And then do so to the next router, and so on. The beauty of the scheme
is that you can use it to trace single-packet DoS or security attacks
as well as flooding attacks. The downside is that it's hardware.
-Dave
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
I do not accept unsolicited commercial email. Do not spam me.
