OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [fw-wiz] Stefan Savage : Hacking the TCP stack
From: Frederick N. Chase (fncmitre.org)
Date: Wed May 17 2000 - 09:19:08 CDT


"R. DuFresne" wrote:
>
> Has anyone looked at the work described here:

I've made a pass through the paper by
Savage, Wetherall, Karlin and Anderson,
which can be found at:
http://www.cs.washington.edu/homes/savage/traceback.html.

IMHO (which is not necessarily that of my employer),
This is by far the most promising thing that's surfaced to date
for addressing distributed denial-of-service.
--It can be implemented without waiting for IPv6.
--It can be phased in in a practical way.
--It promises an effective solution to the first phase of traceback:
  finding the agent/daemon/zombies which are
  emitting the volumes of packets.

The paper appears to be quite objective as to what can be expected.

I think this should be given immediate thorough consideration
by ISPs and router vendors.

   -Fred Chase