
Re: resistance to swamping attacks.



   Also, your goal assumes a non-interactive attack, that is, that the
   attacker cannot see any of the outgoing traffic in response to the
   attack.

This is deliberate, though I'm beginning to wonder if it might be a
case of "fighting the last war" ...

   It's a much harder problem if the attacker is positioned on the
   network so that they can snatch some of the cookies off the ether,
   and send them back as part of the attack.

True.  I was attempting to propose an engineering problem, not a PhD
dissertation topic.

I think the meta-goal is to require that a swamping attack actually
use up enough bandwidth that tracking the flow(s) back to its
originator(s) is easy.

    and also receives ICMP messages resulting
    from bouncing response packets consuming incoming bandwidth IZ.
    Assume that the attacker is unable to read any of the response
    packets.

Hmm.  I'd rephrase this as 

	"Error packets generated in reply to responses to forged packets
	 should also be considered part of the incoming flooding
	 attack".

since different key mgt protocols may well use different ways to
return error messages.

					- Bill



