From: Ryan Lackey <rdl@mit.edu>
To: Kay Ping <kping@nym.alias.net>
Message Hash: 61463a72a61f50f6bc0e208bc2ce5902de6aa839b246e99a27479aa5ebe6a70f
Message ID: <tw7btx9lpr0.fsf@the-great-machine.mit.edu>
Reply To: N/A
UTC Datetime: 1998-01-18 16:29:25 UTC
Raw Date: Mon, 19 Jan 1998 00:29:25 +0800
From: Ryan Lackey <rdl@mit.edu>
Date: Mon, 19 Jan 1998 00:29:25 +0800
To: Kay Ping <kping@nym.alias.net>
Subject: Re: Eternity - an alternative approach
Message-ID: <tw7btx9lpr0.fsf@the-great-machine.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
(Kay Ping) writes:
> It occured to me that the equivalent on the net would be to receive
> packets with invalid source addresses. They are just there, coming dowm
> the phone line to your modem. It takes significant resources and snooping
> on a massive scale to locate where they are coming from.. All this is
> assuming you can find some way to send a request with your address to the
> server.
I've looked at this idea for a while. It's great right now once you
get away from the first couple of subnets, though.
However, I've recently become aware of "IDIP", or "Intruder Detection
and Isolation Protocol" through potentially questionable sources (my
source is mostly NDA-wary). He assumes it will be implemented by
having each router cache IP address, received interface tuples.
Then, after the fact, one could go back and track someone router by
router.
The technical solution to this is to flood a router with forged packets
while using it to transfer your own data, overflowing the cache.
This presents the problem of being tracked by leaving a cloud of flooded
routers in your wake. But it's possible.
I get the impression the system is far from deployment, but that it is
being worked on is a sign that potentially someone sees the rise in
forged source address attacks and wants to curtail it.
--
Ryan Lackey
rdl@mit.edu
http://mit.edu/rdl/
Return to January 1998
Return to “Ryan Lackey <rdl@mit.edu>”
1998-01-18 (Mon, 19 Jan 1998 00:29:25 +0800) - Re: Eternity - an alternative approach - Ryan Lackey <rdl@mit.edu>