------- Forwarded Message Return-Path: <ietf-123-owner@loki.ietf.org> Received: from postal.research.att.com by fetchmail-4.5.7 POP3 for <smb/localhost> (single-drop); Wed, 01 Mar 2000 19:23:02 EST Received: from mail-green.research.att.com (mail-green.research.att.com [135.207.30.103]) by postal.research.att.com (8.8.7/8.8.7) with ESMTP id TAA10215 for <smb@postal.research.att.com>; Wed, 1 Mar 2000 19:20:12 -0500 (EST) Received: by mail-green.research.att.com (Postfix) id 1F98A1E032; Wed, 1 Mar 2000 19:20:12 -0500 (EST) Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by mail-green.research.att.com (Postfix) with ESMTP id 10D301E036; Wed, 1 Mar 2000 19:20:07 -0500 (EST) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id SAA05354 for ietf-123-outbound.01@ietf.org; Wed, 1 Mar 2000 18:25:00 -0500 (EST) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id SAA05280 for <all-ietf@loki.ietf.org>; Wed, 1 Mar 2000 18:13:06 -0500 (EST) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA16131; Wed, 1 Mar 2000 18:13:04 -0500 (EST) Delivered-To: smb@research.att.com Message-Id: <200003012313.SAA16131@ietf.org> To: IETF-Announce: ; From: ietf-secretariat@ietf.org Cc: new-work@ietf.org Subject: 47th IETF: ITRACE BOF Date: Wed, 01 Mar 2000 18:13:03 -0500 Sender: mbeaulie@cnri.reston.va.us Content-Type: text X-UIDL: de9f75cb7001aedbabad2854bdf994cd ICMP Traceback BOF (itrace) Thursday, March 30 at 1530-1730 =============================== CHAIR: Steve Bellovin <smb@research.att.com> DESCRIPTION: The purpose of the BoF is to look at a mechanism to help address the problem of tracing back denial of service attacks. The suggested mechanism is that with low probability (order 1/20,000), a router seeing a packet would send to the destination an ICMP message giving as much information as it knows about the immediate previous hop of that packet. With enough of these messages -- and if one is being flooded, by definition there will be a lot of traffic, so that the low probabilities will still result in a reasonably complete set of traceback packets. Such a mechanism has other uses as well. It lets people trace down the source of accidentally-emitted bogus packets, i.e., those with RFC1918 addresses. It helps characterize the reverse path, which traceroute does not do. The output will be a standards-track RFC describing the packet format, and the conditions under which it should be sent. Issues include authentication, router load, and host load. AGENDA: Introduction, motivation 15 min Marcus Leech's prototype 20 min Open issues list 30 min Charter 20 min ------- End of Forwarded Message --Steve Bellovin