
Bellovin itrace
The present invention relates to packet data communications, and in particular, but not exclusively, to procedures, mechanisms and apparatus for the detection and mitigation of Denial of Service attacks in a public data communications network such as the Internet.

Denial of Service attacks are designed to consume the resources of a network host or the network itself, thereby denying or at least degrading service to legitimate users. Denial of Service attacks are currently a difficult security problem to resolve because they are simple to implement, difficult to detect and very difficult to trace. Most work in this area has focused on tolerating attacks by mitigating their effects on the victim. Another option is to trace attacks back to the origin so they can be eliminated near the source.

Determining the source of an attack, known as the traceback problem, is extremely difficult due to the stateless nature of Internet routing. Attackers hide their location using incorrect or “spoofed” IP source addresses. As these packets traverse the Internet, the true origin is lost and the victim is left with no useful information as to the location of the attacker. One solution is to probabilistically send a tracing packet, called an “itrace” packet, with the traced packet at a forwarding router, as described in Bellovin: ICMP Traceback messages (“draft-bellovin-itrace-00.txt”), AT&T Labs, March 2000. When forwarding packets, itrace-enabled routers generate, with an extremely low probability, a traceback message that is sent in parallel with the data to the destination. With enough traceback messages from enough routers along the path, the traffic source and path can be determined by the host under attack.

In accordance with one aspect of the invention there is provided a method of managing data traffic received at a network node from a packet data communications network, said method comprising:
a) monitoring tracing data allowing the identity of at least one remote packet forwarding node forwarding at least some of the received data traffic to be found;
b) transmitting a request for the remote packet forwarding node to alter its handling of data traffic.

Thus, the network node may resolve traffic data issues by enlisting the cooperation of a remote packet forwarding node detected as being on a forwarding path for data received at the network node. The remote packet forwarding node may selectively alter the handling of data traffic directed at the network node, thereby allowing the network node's traffic data issues to be resolved without affecting the delivery of traffic to other network nodes. The request may for example be to mark data traffic being forwarded with a characteristic allowing the data traffic being forwarded to be distinguished from data traffic being forwarded via a different path, to allow the network node to classify data received via the selected data forwarding node.
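As an added illustration of the itrace mechanism described above (example code written for this page, not from the patent or from Bellovin's draft): each router on a constructed sample path emits a traceback message with probability p, and the host under attack chains the collected messages back toward the source. The message layout (a router identity plus its forward link) and the 1/20000 emission probability are assumptions taken from the draft, not values stated on this page.

```python
import random
from math import comb

# Constructed sample forwarding path (not from the page): source -> routers -> victim.
SAMPLE_PATH = ["source", "r1", "r2", "r3", "r4", "victim"]
ITRACE_PROB = 1 / 20000  # assumed per-router emission probability (Bellovin draft)


def forward(path, p, rng):
    """Forward one packet hop by hop. Each interior router is itrace-enabled and,
    with probability p, emits a traceback message (router, next_hop) that travels
    to the destination alongside the data."""
    messages = []
    for i in range(1, len(path) - 1):
        if rng.random() < p:
            messages.append((path[i], path[i + 1]))
    return messages


def reconstruct(victim, messages):
    """Victim-side path reconstruction: find the router whose forward link is the
    victim, then the router whose forward link is that router, and so on.
    Stops when no message covers the next hop or when two different routers claim
    the same forward link (ambiguous, possibly forged, so nothing is guessed)."""
    by_next_hop = {}
    for router, nxt in messages:
        by_next_hop.setdefault(nxt, set()).add(router)
    path, seen = [victim], {victim}
    while True:
        candidates = by_next_hop.get(path[-1], set()) - seen
        if len(candidates) != 1:
            return path  # ordered from the victim back toward the source
        hop = candidates.pop()
        path.append(hop)
        seen.add(hop)


def simulate(path, p, packets, seed=0):
    """Send `packets` packets along `path`, collect the itrace messages the victim
    receives and return the path the victim can reconstruct from them."""
    rng = random.Random(seed)
    collected = []
    for _ in range(packets):
        collected.extend(forward(path, p, rng))
    return reconstruct(path[-1], collected)


def expected_packets(p, n):
    """Expected number of packets before all n routers have emitted at least once
    (expected maximum of n independent geometric(p) trials, inclusion-exclusion)."""
    return sum((-1) ** (k + 1) * comb(n, k) / (1 - (1 - p) ** k) for k in range(1, n + 1))
```

At p = 1/20000 the four-router sample path needs roughly 41,700 packets before the victim has heard from every router, which is why the mechanism only pays off under a sustained flood.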