[e2e] DDoS attack vs. Spoofing of Source Address

Zhang Miao zm at cernet.edu.cn
Tue Jan 17 18:38:07 PST 2006 

-------Original Message -------------------------------------
From: "Jeroen Massar" <jeroen at unfix.org>
To: "zm at cernet.edu.cn" <zm at cernet.edu.cn>
Sent: 2006-01-18 10:11:07
Subject: Re: [e2e] DDoS attack vs. Spoofing of Source Address

>> 2) Is current deployed mechanisms (mainly ingress filtering, and uRPF)
>>    working well enough?
>
>They work as long as the complete network uses them. When a trusted
>source is not using them the scheme falls over. At least in these cases
>one can trace it to this link based on traffic graphs, netflow data and
>other more 'expensive' sources.
>
>> Shall we design and deploy other mechanisms
>>    to do source address validation in the Internet?
>
>uRPF and ingress filtering already suffice sufficiently. At the moment
>most DDoS attacks (afaik) are not using spoofing attacks any more due to
>the easy way to get a large amount of zombie hosts which can do damage
>easily and for a small price. The biggest requirement and wish list here
>is most likely to be able to convince network operators to actually
>implement and update these filters properly.

As you said, ingress filter and uRFP "work as long as the complete network 
uses them". Also, one argue is that such mechanism is lack of incentive
of deployment - the ISP that deploying the mechanism can only do good to
other people, not themselves. So I'm just curious how to convince ALL ISPs
to deploy them, from an economic aspect. We should set a "law" to ask all
ISPs to deploy ingress fiter, or we should design some mechanisms (like SPM[1]) 
to provide enough incentive and can be incremental deployed?

   [1]   Bremler-Barr, A. and H. Levy, "Spoofing Prevention Method",
         IEEE Infocom 2005, 2005.


Greets,

Miao



*****************************************************************
*    Zhang Miao                                                 *
*    Ph.D, Assistant Professor, Network Research Center         *
*    Tsinghua University,Beijing,China(100084)                  *
*    Tel: (8610)-62795818-6271                                  *
*    Email: zm at cernet.edu.cn                                 *
*    Web: http://netarchlab.tsinghua.edu.cn/~zm                 *
*****************************************************************

More information about the end2end-interest mailing list