GRC rides again...
Ron Buchalski
rbuchals at hotmail.com
Mon Jul 2 14:52:26 UTC 2001
It depends on how qos is deployed. If a customer pays for a higher level of
qos between corporate sites on a provider's network (and no qos for other
traffic), the attack traffic would only consume the higher level of
bandwidth when destined for that limited set of destinations. Otherwise, it
would be handled with the same qos as other attack traffic.
As far as attack traffic setting its own qos levels (manipulating
precedence bits), a provider who deploys and supports qos in the network
should ensure that they tag traffic properly at the edge. If a non-qos
customer starts tagging traffic with the highest precedence, the provider
should re-tag it with no precedence prior to passing it on to the network.
Of course, this means deploying some level of qos at ALL entry points, not
just those entry points for customers paying for higher levels of service.
It may be possible for the features of qos to help limit the extent of the
attack, but with no predictability of where the attack sources or attack
destinations are, you'd either need to apply qos when the attack occurs
(reactive), or deploy it EVERYWHERE, on ALL providers' networks (intensely
proactive). I doubt that anyone has the time or effort to deploy worldwide
qos in order to stop random (and small, compared to overall traffic) dos
attacks.
-rb
>From: Dave Israel <davei at biohazard.demon.digex.net>
>Reply-To: davei at biohazard.demon.digex.net
>To: Roeland Meyer <rmeyer at mhsc.com>
>CC: "'rdobbins at netmore.net'" <rdobbins at netmore.net>, "'David Howe'"
><DaveHowe at gmx.co.uk>, nanog at merit.edu
>Subject: RE: GRC rides again...
>Date: Mon, 2 Jul 2001 10:23:41 -0400
>
>
>
>I doubt it. In fact, a clever hacker could figure out who has paid
>for what qos, and use it to give attacking traffic high priority.
>It adds another variable; it doesn't present a solution.
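
The edge re-tagging described in the message above, as an added example that is not part of the original post: a packet arriving on a port that has not bought qos gets its IP precedence bits cleared and its header checksum recomputed. The port names, addresses and the QOS_PORTS set are constructed for the illustration.

```python
import socket
import struct

# Hypothetical edge ports whose customers pay for qos; every other port is untrusted.
QOS_PORTS = {"cust-a"}

def checksum(header: bytes) -> int:
    """RFC 1071 Internet checksum over an IPv4 header (length is a multiple of 4)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def make_packet(src: str, dst: str, precedence: int, payload: bytes = b"") -> bytes:
    """Build a constructed 20-byte IPv4 header (protocol 17, UDP) plus payload."""
    tos = (precedence & 0x7) << 5
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 0, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def precedence_of(packet: bytes) -> int:
    """Top three bits of the ToS byte."""
    return packet[1] >> 5

def header_valid(packet: bytes) -> bool:
    """A header whose checksum field is correct sums to zero."""
    return checksum(packet[:(packet[0] & 0x0F) * 4]) == 0

def remark_at_edge(packet: bytes, ingress_port: str) -> bytes:
    """Zero the precedence bits of packets entering on a non-qos port."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if ingress_port in QOS_PORTS or precedence_of(packet) == 0:
        return packet  # marking is trusted, or there is nothing to strip
    hdr = bytearray(packet[:ihl])
    hdr[1] &= 0x1F            # clear the 3 precedence bits, keep the rest of the ToS byte
    hdr[10:12] = b"\x00\x00"  # the checksum is computed with its own field zeroed
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]
```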