fncmitre.org

• Next message: Dameon D. Welch-Abernathy: "Re: [fw-wiz] Differences between firewall-packages like FW-1 and packetfilter"
• Previous message: Darren Reed: "Re: [fw-wiz] FW-1 throughput question"
• In reply to: R. DuFresne: "[fw-wiz] Stefan Savage : Hacking the TCP stack"
• Next in thread: R. DuFresne: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
• Reply: Frederick N. Chase: "Re: [fw-wiz] Stefan Savage : Hacking the TCP stack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"R. DuFresne" wrote:
>
> Has anyone looked at the work described here:

I've made a pass through the paper by
Savage, Wetherall, Karlin and Anderson,
which can be found at:
http://www.cs.washington.edu/homes/savage/traceback.html.

IMHO (which is not necessarily that of my employer),
This is by far the most promising thing that's surfaced to date
for addressing distributed denial-of-service.
--It can be implemented without waiting for IPv6.
--It can be phased in in a practical way.
--It promises an effective solution to the first phase of traceback:
  finding the agent/daemon/zombies which are
  emitting the volumes of packets.

The paper appears to be quite objective as to what can be expected.

I think this should be given immediate thorough consideration
by ISPs and router vendors.

   -Fred Chase

• Next message: Dameon D. Welch-Abernathy: "Re: [fw-wiz] Differences between firewall-packages like FW-1 and packetfilter"
• Previous message: Darren Reed: "Re: [fw-wiz] FW-1 throughput question"
• In reply to: R. DuFresne: "[fw-wiz] Stefan Savage : Hacking the TCP stack"
• Next in thread: R. DuFresne: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
• Reply: Frederick N. Chase: "Re: [fw-wiz] Stefan Savage : Hacking the TCP stack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]