GRC rides again...

Ron Buchalski rbuchals at hotmail.com
Mon Jul 2 14:52:26 UTC 2001


It depends on how qos is deployed.  If a customer pays for a higher level of 
qos between corporate sites on a provider's network (and no qos for other 
traffic), the attack traffic would only consume the higher level of 
bandwidth when destined for that limited set of destinations.  Otherwise, it 
would be handled with the same qos as other attack traffic.

As far as attack traffic setting its own qos levels (manipulating 
precedence bits), a provider who deploys and supports qos in the network 
should ensure that they tag traffic properly at the edge.  If a non-qos 
customer starts tagging traffic with the highest precedence, the provider 
should re-tag it with no precedence prior to passing it on to the network.  
Of course, this means deploying some level of qos at ALL entry points, not 
just those entry points for customers paying for higher levels of service.

It may be possible for the features of qos to help limit the extent of the 
attack, but with no predictability of where the attack sources or attack 
destinations are, you'd either need to apply qos when the attack occurs 
(reactive), or deploy it EVERYWHERE, on ALL providers' networks (intensely 
proactive).  I doubt that anyone has the time or effort to deploy worldwide 
qos in order to stop random (and small, compared to overall traffic) dos 
attacks.

-rb

>From: Dave Israel <davei at biohazard.demon.digex.net>
>Reply-To: davei at biohazard.demon.digex.net
>To: Roeland Meyer <rmeyer at mhsc.com>
>CC: "'rdobbins at netmore.net'" <rdobbins at netmore.net>, "'David Howe'" 
><DaveHowe at gmx.co.uk>, nanog at merit.edu
>Subject: RE: GRC rides again...
>Date: Mon, 2 Jul 2001 10:23:41 -0400
>
>
>
>I doubt it. In fact, a clever hacker could figure out who has paid
>for what qos, and use it to give attacking traffic high priority.
>It adds another variable; it doesn't present a solution.
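
The edge re-tagging described in the message above, sketched as an added example that is not part of the original thread: it clears the three IP precedence bits on packets arriving from ports that are not trusted to set them, then recomputes the IPv4 header checksum. The port names, the TRUSTED_PORTS table and the sample packet are constructed assumptions.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

# Hypothetical edge policy: ingress port -> are customer markings trusted?
TRUSTED_PORTS = {"cust-gold-1": True, "cust-basic-7": False}

def precedence(packet: bytes) -> int:
    """Top three bits of the ToS byte."""
    return packet[1] >> 5

def remark_at_edge(packet: bytes, ingress_port: str) -> bytes:
    """Zero the precedence bits unless the ingress port is trusted.
    Ports missing from the table are treated as untrusted."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if TRUSTED_PORTS.get(ingress_port, False) or precedence(packet) == 0:
        return packet
    hdr = bytearray(packet[:ihl])
    hdr[1] &= 0x1F            # clear precedence, keep the low ToS bits
    hdr[10:12] = b"\x00\x00"  # zero the checksum field before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def make_sample(tos: int) -> bytes:
    """Constructed packet: 20-byte IPv4 header (documentation addresses)
    followed by 4 payload bytes."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 24, 1, 0, 64, 17, 0,
                                bytes([192, 0, 2, 1]), bytes([198, 51, 100, 9])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + b"\xde\xad\xbe\xef"
```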
