ietf-asrg

Re: [Asrg] 3. Requirements - Non Spam must go through

2003-07-09 17:01:37
In general, I agree... just tell the router to drop the packets... but it has been said that this leads to an accelerated retry situation... so, to forestall that, have the router send back an acknowledgement packet (rather than an ICMP unreachable) and then forget all about it... That is, if it's from the unwanted, abusive source, replace the unreachable packet with an ack/est. Then be done with it.

For the system under attack it's still just one packet. For the attacking system it's an apparently open pipe - except when they try to send, there's no "there" there... but they must time-out before they know that. This, at least, delays the retry and requires very little overhead when compared with a normal rejection.

This isn't something I recommend, I think the right way to do it is just drop the packets, but it _may_ be a reasonable response to what has been called a DDoS attack if simply dropping the packets doesn't work (as described).

Until DSQP can be deployed so that the border router of the attacker's upstream disconnects them, the receivers will need to have options for mounting a defense.

_M

At 07:20 PM 7/9/2003 -0400, C. Wegrzyn wrote:
The problem is the cost of opening/closing the connection - that is a pretty heavy penalty. I'd be more likely to just route the bits to the great bucket in the sky.

Chuck

Alan DeKok wrote:

"Pete McNeil" <madscientist(_at_)microneil(_dot_)com> wrote:


What about silently breaking the pipe? That is, accept the connection
(one packet) then forget about it. The sender's device would have to
time out before trying again. I know it's a low-level networking hack,
but it might save bandwidth over the other two alternatives. Thoughts?


 It's a thought, but I haven't tried it myself.

 People have tried similar things with 'teergrube', and it doesn't
appear to make enough difference to be worthwhile.

 Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg




