ICMP Traceback BOF (itrace) Thursday, March 30 at 1530-1730 =============================== CHAIR: Steve Bellovin DESCRIPTION: The purpose of the BoF is to look at a mechanism to help address the problem of tracing back denial of service attacks. The suggested mechanism is that with low probability (order 1/20,000), a router seeing a packet would send to the destination an ICMP message giving as much information as it knows about the immediate previous hop of that packet. With enough of these messages -- and if one is being flooded, by definition there will be a lot of traffic, so that the low probabilities will still result in a reasonably complete set of traceback packets. Such a mechanism has other uses as well. It lets people trace down the source of accidentally-emitted bogus packets, i.e., those with RFC1918 addresses. It helps characterize the reverse path, which traceroute does not do. The output will be a standards-track RFC describing the packet format, and the conditions under which it should be sent. Issues include authentication, router load, and host load. AGENDA: Introduction, motivation 15 min Marcus Leech's prototype 15 min Alternative design 15 min Open issues list 20 min Charter 20 min Draft: draft-bellovin-itrace-00.txt Also see: http://www.cs.washington.edu/homes/savage/traceback.html MAILING LISTS: For those who are interested in the ITRACE BoF, there is a mailing list ietf-itrace@research.att.com. Subscribe by sending the message body subscribe ietf-itrace to majordomo@research.att.com