Re: Attacks on GRC.com
From: Vern Paxson (vern@icir.org)Date: 03/01/02
- Previous message: Valdis.Kletnieks@vt.edu: "Re: Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: shwaine@malevolence.com Date: Thu, 28 Feb 2002 17:24:58 -0800 From: Vern Paxson <vern@icir.org>
> One issue with reflective DDoS attacks is that traditional IP Traceback
> protocols usually only send the itrace messages either to the destination
> IP or along with the packet, which means that the reflectors, not
> the victim, get the itrace messages about the path(s) to the actual
> attacker. The topic came up in that class I took about perhaps sending
> the itrace messages to both the source and destination IPs, which
> would send itrace messages to the victim in reflective DDoS (since
> the spoofed source IP is the victim's along the path from the attacker
> to the reflector), but could also lead to increased traffic depending
> on implementation. I am not sure if this idea is being researched
> at the moment.
See my paper:
An Analysis of Using Reflectors for Distributed Denial-of-Service
Attacks, V. Paxson, Computer Communication Review 31(3), July 2001.
http://www.icir.org/vern/papers/reflectors.CCR.01/index.html
- Vern
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Valdis.Kletnieks@vt.edu: "Re: Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
