North American Network Operators Group


Forwarded: 47th IETF: ITRACE BOF

  • From: Steven M. Bellovin
  • Date: Wed Mar 01 19:58:09 2000

------- Forwarded Message

To: IETF-Announce: ;
From: [email protected]
Cc: [email protected]
Subject: 47th IETF: ITRACE BOF
Date: Wed, 01 Mar 2000 18:13:03 -0500

ICMP Traceback BOF (itrace)

Thursday, March 30 at 1530-1730

CHAIR: Steve Bellovin <[email protected]>


The purpose of the BoF is to look at a mechanism to help address the 
problem of tracing back denial of service attacks.  The suggested
mechanism is that with low probability (order 1/20,000), a router
seeing a packet would send to the destination an ICMP message giving
as much information as it knows about the immediate previous hop of 
that packet.  With enough of these messages -- and if one is being 
flooded, by definition there will be a lot of traffic, so that the 
low probabilities will still result in a reasonably complete set of 
traceback packets.

Such a mechanism has other uses as well.  It lets people trace down
the source of accidentally-emitted bogus packets, i.e., those with
RFC1918 addresses.  It helps characterize the reverse path, which
traceroute does not do.

The output will be a standards-track RFC describing the packet format, 
and the conditions under which it should be sent.  Issues include 
authentication, router load, and host load.


  Introduction, motivation        15 min
  Marcus Leech's prototype        20 min
  Open issues list                30 min
  Charter                         20 min

------- End of Forwarded Message

		--Steve Bellovin
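
An added simulation of the sampling mechanism the announcement describes, showing how a flooded destination can chain the reports into the reverse path and what happens when traffic is too light. It is not code from the BOF or from the prototype on the agenda. The (router, previous hop) report tuple, the router names, and the single-path topology are assumptions, since the announcement defines no packet format.

```python
import math
import random
from collections import Counter

ITRACE_PROBABILITY = 1 / 20_000   # "order 1/20,000" in the announcement

def collect_itrace(path, packets, rng, p=ITRACE_PROBABILITY):
    """Count the (router, previous_hop) reports the destination receives when
    `packets` packets cross `path` (first router is nearest the source).
    Each router samples every packet independently with probability p;
    geometric gaps jump straight to the sampled packets."""
    reports = Counter()
    prev = "upstream-of-" + path[0]   # constructed label for the unknown sender side
    for router in path:
        seq = 0
        while True:
            seq += int(math.log(1.0 - rng.random()) / math.log(1.0 - p)) + 1
            if seq > packets:
                break
            reports[(router, prev)] += 1
        prev = router
    return reports

def reconstruct(reports):
    """Chain reports into path segments, farthest hop first. One segment means
    the whole reverse path was recovered; several segments mean at least one
    router never sampled a packet (assumes a single, loop-free path)."""
    next_hop = {prev: router for router, prev in reports}
    reporters = {router for router, _ in reports}
    segments = []
    for start in sorted(h for h in next_hop if h not in reporters):
        seg = [start]
        while seg[-1] in next_hop:
            seg.append(next_hop[seg[-1]])
        segments.append(seg)
    return segments

def coverage_probability(packets, hops, p=ITRACE_PROBABILITY):
    """Chance that every one of `hops` routers sampled at least one packet."""
    return (1.0 - (1.0 - p) ** packets) ** hops

if __name__ == "__main__":
    path = ["r1", "r2", "r3", "r4", "r5"]          # constructed topology
    for n in (20_000, 1_000_000):
        got = collect_itrace(path, n, random.Random(47))
        print(n, "packets ->", sum(got.values()), "reports,",
              "P(full path) = %.4f" % coverage_probability(n, len(path)))
        print("   segments:", reconstruct(got))
```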