[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Eternity - an alternative approach




(Kay Ping) writes:
> It occured to me that the equivalent on the net would be to receive
> packets with invalid source addresses. They are just there, coming dowm
> the phone line to your modem. It takes significant resources and snooping
> on a massive scale to locate where they are coming from.. All this is
> assuming you can find some way to send a request with your address to the
> server.

I've looked at this idea for a while.  It's great right now once you
get away from the first couple of subnets, though.

However, I've recently become aware of "IDIP", or "Intruder Detection
and Isolation Protocol" through potentially questionable sources (my
source is mostly NDA-wary).  He assumes it will be implemented by
having each router cache IP address, received interface tuples.

Then, after the fact, one could go back and track someone router by 
router.

The technical solution to this is to flood a router with forged packets
while using it to transfer your own data, overflowing the cache.

This presents the problem of being tracked by leaving a cloud of flooded
routers in your wake.  But it's possible.

I get the impression the system is far from deployment, but that it is
being worked on is a sign that potentially someone sees the rise in
forged source address attacks and wants to curtail it.  
-- 
Ryan Lackey
[email protected]
http://mit.edu/rdl/