Denial of Service Attacks, Attacked

From: Spudboy100@aol.com
Date: Tue May 13 2003 - 23:29:54 MDT

    http://news.com.com/2100-1009_3-1001200.html?tag=fd_top

    <<Adrian Perrig, an assistant professor at Carnegie Mellon and Yaar's
    adviser, said that analyses based on large network simulations of Yaar’s
    proposal are promising. "In the case that the (Internet) address is spoofed,
    our method wins hands down," he said.

    The path-identifier number is stored in a part of network data packets that
    is largely unused: the 16-bit Internet Protocol (IP) identification field.
    The identifier is used only when network data has been fragmented, which
    occurs in less than 10 percent of cases, said Perrig.

    One strength of the proposal is its ability to work even when only a fraction
    of ISPs--30 percent or more--have adopted the proposal. Moreover, the
    proposal shifts the onus for fixing Internet security problems from the
    victim to the attacker's ISP because such attacks result in traffic from
    parts of the Internet close to the attacker being blocked by the victim’s
    server.

    AT&T's Bellovin said those two results are what he likes about the plan. "But
    I'm worried about something that doesn't work well with fragmentation," he
    said, pointing out that many digital subscriber line (DSL) providers used a
    technique for network data that increases fragmentation. Such subscribers
    could find their Internet connection nearly useless during an attack, if
    Yaar's proposal became widely used. >>
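
The field the quoted article refers to, as an added example (not code from the article, the poster or Yaar's proposal): a simplified victim-side check that reads the 16-bit IP identification field, treats it as a path mark only on unfragmented packets, and drops blocklisted marks regardless of the claimed source address. The mark values, the blocklist, the helper names and the "fragment" verdict are assumptions; how routers would compute the mark is not modelled.

```python
import socket
import struct

MORE_FRAGMENTS = 0x2000   # MF bit in the 16-bit flags/fragment-offset word
OFFSET_MASK = 0x1FFF      # 13-bit fragment offset

def parse_ipv4(header: bytes):
    """Return (identification, is_fragment) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ident, flags_frag = struct.unpack_from("!HH", header, 4)
    is_fragment = bool(flags_frag & MORE_FRAGMENTS) or (flags_frag & OFFSET_MASK) != 0
    return ident, is_fragment

def verdict(header: bytes, blocked_marks: set) -> str:
    """Decide on one packet using the identification field as a path mark."""
    ident, is_fragment = parse_ipv4(header)
    if is_fragment:
        # Reassembly needs the original identification value here, so it
        # cannot also be trusted as a path mark (the fragmentation concern
        # raised in the article). Handling is left to a separate policy.
        return "fragment"
    return "drop" if ident in blocked_marks else "accept"

def build_header(ident, flags_frag=0, src="192.0.2.1", dst="198.51.100.7"):
    """Constructed 20-byte sample header; checksum is zero and never checked."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, flags_frag,
                       64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))

# Constructed data: one mark learned from attack traffic, five sample packets.
BLOCKED = {0xBEEF}
SAMPLES = [
    build_header(0xBEEF, src="203.0.113.5"),    # attack path, spoofed source A
    build_header(0xBEEF, src="203.0.113.99"),   # same path, spoofed source B
    build_header(0x1234),                       # different path
    build_header(0xBEEF, flags_frag=0x2000),    # first fragment, MF set
    build_header(0x1234, flags_frag=0x0010),    # later fragment, offset != 0
]

def classify_samples():
    return [verdict(p, BLOCKED) for p in SAMPLES]

if __name__ == "__main__":
    for packet, result in zip(SAMPLES, classify_samples()):
        print(socket.inet_ntoa(packet[12:16]), hex(parse_ipv4(packet)[0]), result)
```

Both spoofed sources are dropped because the decision keys on the mark, not the source address, while the two fragments fall outside the filter entirely.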

        



    This archive was generated by hypermail 2.1.5 : Tue May 13 2003 - 23:41:28 MDT