Trace-back of Active Attack Flows
In this type of solution, an observer tracks an existing attack flow by examining incoming and outgoing ports on routers starting from the host under attack. Thus, such a solution requires having privileged access to routers along the attack path.
To bypass this restriction and automate this process, Stone proposes routing suspicious packets on an overlay network using ISP edge routers. By simplifying the topology, suspicious packets can easily be re-routed to a specialized network for further analysis.
This is an interesting approach. By nature of DoS, any such attack will be sufficiently long lived for tracking in such a fashion to be possible. Layer-three topology changes, while hard to mask to a determined attacker, have the possibility of alleviating the DoS until the routing change is discovered and subsequently adapted to. Once the attacker has adapted, the re-routing scheme can once again adapt and re-route; causing an oscillation in the DoS attack; granting some ability to absorb the impact of such an attack.
Read more about this topic: IP Traceback
Famous quotes containing the words active, attack and/or flows:
“I am grown old and my memory is not as active as it used to be. When I was younger I could remember anything, whether it had happened or not; but my faculties are decaying now, and soon I shall be so I cannot remember any but the things that never happened. It is sad to go to pieces like this, but we all have to do it.”
—Mark Twain [Samuel Langhorne Clemens] (1835–1910)
“And whether it is Thursday, or the day is stormy,
With thunder and rain, or the birds attack each other,
We have rolled into another dream.”
—John Ashbery (b. 1927)
“All things change, nothing is extinguished.... There is nothing in the whole world which is permanent. Everything flows onward; all things are brought into being with a changing nature; the ages themselves glide by in constant movement.”
—Ovid (Publius Ovidius Naso)