Other Approaches
Hal Burch and William Cheswick propose a controlled flooding of links to determine how this flooding affects the attack stream. Flooding a link will cause all packets, including packets from the attacker, to be dropped with the same probability. We can conclude from this that if a given link were flooded, and packets from the attacker slowed, then this link must be part of the attack path. Then recursively upstream routers are “coerced” into performing this test until the attack path is discovered.
The traceback problem is complicated because of spoofed packets. Thus, a related effort is targeted towards preventing spoofed packets; known as ingress filtering. Ingress Filtering restricts spoofed packets at ingress points to the network by tracking the set of legitimate source networks that can use this router.
Park and Lee present an extension of Ingress Filtering at layer 3. They present a means of detecting false packets, at least to the subnet, by essentially making use of existing OSPF routing state to have routers make intelligent decisions about whether or not a packet should be routed.
Read more about this topic: IP Traceback
Famous quotes containing the word approaches:
“The Oriental philosophy approaches easily loftier themes than the modern aspires to; and no wonder if it sometimes prattle about them. It only assigns their due rank respectively to Action and Contemplation, or rather does full justice to the latter. Western philosophers have not conceived of the significance of Contemplation in their sense.”
—Henry David Thoreau (1817–1862)
“A politician is a statesman who approaches every question with an open mouth.”
—Adlai Stevenson (1900–1965)