It depends on how qos is deployed. If a customer pays for a higher level of qos between corporate sites on a provider's network (and no qos for other traffic), the attack traffic would only consume the higher level of bandwidth when destined for that limited set of destinations. Otherwise, it would be handled with the same qos as other attack traffic. As far as attack traffic setting its own qos levels (manipulating precedence bits), a provider who deploys and supports qos in the network should ensure that they tag traffic properly at the edge. If a non-qos customer starts tagging traffic with the highest precedence, the provider should re-tag it with no precedence prior to passing it on to the network. Of course, this means deploying some level of qos at ALL entry points, not just those entry points for customers paying for higher levels of service. It may be possible for the features of qos to help limit the extent of the attack, but with no predictability of where the attack sources or attack destinations are, you'd either need to apply qos when the attack occurs (reactive), or deploy it EVERYWHERE, on ALL providers' networks (intensely proactive). I doubt that anyone has the time or effort to deploy worldwide qos in order to stop random (and small, compared to overall traffic) dos attacks. -rb
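The edge re-tagging that the message above describes, as an added illustration that is not code from the NANOG thread or from any vendor: a small trust-boundary function that clears the DSCP field (which contains the three IP precedence bits) on IPv4 packets arriving from ports whose customer has no QoS contract, leaves it alone on trusted ports, and recomputes the header checksum. The port names and the trust table are assumptions for the example; the packets are constructed inline.

```python
import socket
import struct

# Assumed ingress port names and trust settings (hypothetical, for illustration).
# True  = customer pays for QoS, so the marking they set is honoured
# False = no QoS contract, so any marking is reset at the edge
INGRESS_TRUST = {
    "ge-0/0/1": True,
    "ge-0/0/2": False,
}


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement checksum over an IPv4 header.
    Over a header that already carries a correct checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(tos: int, src: str, dst: str, proto: int = 17) -> bytes:
    """Build a minimal 20-byte IPv4 header with a valid checksum (constructed input)."""
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, tos, 20, 0x1234, 0x4000, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def precedence(tos: int) -> int:
    """IP precedence is the top three bits of the TOS byte (RFC 791)."""
    return tos >> 5


def remark_at_edge(ingress: str, packet: bytes) -> bytes:
    """Edge policy: on untrusted ports clear DSCP (and with it the precedence
    bits) to CS0, preserve the two ECN bits, and recompute the checksum.
    Trusted ports pass the packet through unchanged."""
    if INGRESS_TRUST.get(ingress, False):
        return packet
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[1] &= 0x03                      # DSCP -> 0, ECN untouched
    hdr[10:12] = b"\x00\x00"            # zero checksum before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def header_is_valid(packet: bytes) -> bool:
    """True when the IPv4 header checksum verifies."""
    ihl = (packet[0] & 0x0F) * 4
    return ipv4_checksum(packet[:ihl]) == 0


if __name__ == "__main__":
    # Constructed packet claiming precedence 7 (TOS 0xE0), arriving on a non-QoS port.
    pkt = build_ipv4_header(0xE0, "192.0.2.10", "198.51.100.20")
    out = remark_at_edge("ge-0/0/2", pkt)
    print("untrusted port: precedence %d -> %d, checksum ok=%s"
          % (precedence(pkt[1]), precedence(out[1]), header_is_valid(out)))
    out2 = remark_at_edge("ge-0/0/1", pkt)
    print("trusted port:   precedence %d -> %d"
          % (precedence(pkt[1]), precedence(out2[1])))
```

The point of keying the policy on the ingress port rather than on anything in the packet is the one the message makes: a customer who has not bought QoS cannot grant their own traffic priority, because the marking is overwritten before the packet reaches the core, and that only holds if every entry point applies the policy.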
From: Dave Israel <davei@biohazard.demon.digex.net>
Reply-To: davei@biohazard.demon.digex.net
To: Roeland Meyer <rmeyer@mhsc.com>
CC: "'rdobbins@netmore.net'" <rdobbins@netmore.net>, "'David Howe'" <DaveHowe@gmx.co.uk>, nanog@merit.edu
Subject: RE: GRC rides again...
Date: Mon, 2 Jul 2001 10:23:41 -0400
I doubt it. In fact, a clever hacker could figure out who has paid for what qos, and use it to give attacking traffic high priority. It adds another variable; it doesn't present a solution.
Participants: Ron Buchalski