Is there a line of defense against Distributed Reflective attacks?
David G. Andersen
dga at lcs.mit.edu
Fri Jan 17 06:29:54 UTC 2003
On Fri, Jan 17, 2003 at 01:11:14AM -0500, David G. Andersen mooed:
>
> b) Ioannidis and Bellovin proposed a mechanism called "Pushback"
> for automatically establishing router-based rate limits to
> staunch packet flows during DoS attacks.
> [NDSS 2002, "Implementing Pushback: Router-Based Defense
> Against DDoS Attacks"]
I should have been a bit more accurate here. The proposal for
pushback is actually earlier than the implementation paper I cited above:
"Controlling High Bandwidth Aggregates in the Network. Ratul Mahajan,
Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, and Scott
Shenker. July, 2001."
and it also included an internet-draft:
http://www.aciri.org/floyd/papers/draft-floyd-pushback-messages-00.txt
I believe that Steve Bellovin gave a talk about it at NANOG 21:
http://www.research.att.com/~smb/talks/pushback-nanog.pdf
-Dave (I'll learn not to send mail past midnight some day)
--
work: dga at lcs.mit.edu me: dga at pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
I do not accept unsolicited commercial email. Do not spam me.
More information about the NANOG
mailing list