North American Network Operators Group


RE: Yahoo offline because of attack (was: Yahoo network outage)

  • From: Barry Shein
  • Date: Wed Feb 09 17:11:35 2000

I'll once again suggest adopting an extended router-to-router record
route option which holds more info, more addresses than the current IP
spec calls for, that is, and is only used between routers, trunc'd off
on exit (well, configurable, of course.)

Obviously then one has to get it into router software and turned on
but that's nothing new as a problem whenever new technology is being
adopted.

One useful feature is that it'd probably be difficult in most
environments for the villain to know which sites support this tracing
and which don't, since they probably can't see traffic on the router,
and the info is removed when it leaves (e.g. hits their PPP session.)

Then if there's an attack one would only have to get the extended RR
info from the router or routers the attack is coming through on your
side to trace it back to a source router, and with luck could do
something with that info. Even partial info, such as when it goes back
through to a router which doesn't support this, should often be of
some use.

-- 
        -Barry Shein

Software Tool & Die    | [email protected]          | http://www.world.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
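
For reference on the limit the message alludes to, the following is an added example, not part of the original post or of any router software: a parser for the standard IPv4 Record Route option (RFC 791, option type 7), whose 40-byte option space caps the recorded path at nine addresses. The sample header built by the hypothetical helper `build_header` and all addresses in it are constructed for illustration.

```python
import ipaddress
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_RR = 0, 1, 7
MAX_RR_SLOTS = (40 - 3) // 4  # 40 option bytes max, 3-byte RR header -> 9 hops

def parse_record_route(header: bytes):
    """Return (recorded hops, free slots) for the RR option, or None if absent."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(header):
        raise ValueError("bad IHL")
    opts, i = header[20:ihl], 0
    while i < len(opts) and opts[i] != IPOPT_EOL:
        if opts[i] == IPOPT_NOP:          # one-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("bad option length")
        kind, length = opts[i], opts[i + 1]
        if kind == IPOPT_RR:
            if length < 3 or (length - 3) % 4:
                raise ValueError("malformed RR option")
            ptr = opts[i + 2]             # 1-based offset of next free slot; min 4
            if ptr < 4 or ptr % 4 or ptr > length + 1:
                raise ValueError("bad RR pointer")
            used = (ptr - 4) // 4         # ptr > length means the option is full
            data = opts[i + 3:i + 3 + 4 * used]
            hops = [str(ipaddress.IPv4Address(data[k:k + 4])) for k in range(0, 4 * used, 4)]
            return hops, (length - 3) // 4 - used
        i += length
    return None

def build_header(hops, slots=MAX_RR_SLOTS):
    """Constructed sample: IPv4 header (checksum left 0) with an RR option."""
    if not len(hops) <= slots <= MAX_RR_SLOTS:
        raise ValueError("RR option cannot hold that many addresses")
    rr = bytes([IPOPT_RR, 3 + 4 * slots, 4 + 4 * len(hops)])
    rr += b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    rr += bytes(4 * (slots - len(hops)))
    rr += bytes(-len(rr) % 4)             # EOL padding to a 32-bit boundary
    ihl = (20 + len(rr)) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(rr), 0, 0, 64, 1, 0,
                        ipaddress.IPv4Address("192.0.2.1").packed,
                        ipaddress.IPv4Address("198.51.100.1").packed)
    return fixed + rr
```

A return value with zero free slots means later hops on the path could not be recorded, so the trace is partial.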