ICMP Traceback BOF (itrace)

Thursday, March 30 at 1530-1730

CHAIR: Steve Bellovin <smb@research.att.com>


The purpose of the BoF is to look at a mechanism to help address the 
problem of tracing back denial of service attacks.  The suggested
mechanism is that with low probability (order 1/20,000), a router
seeing a packet would send to the destination an ICMP message giving
as much information as it knows about the immediate previous hop of 
that packet.  If one is being flooded, there will by definition be a 
lot of traffic, so the low probability will still result in a 
reasonably complete set of traceback packets.
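
The following simulation is an added example, not code from the draft or from any prototype on the agenda. It shows how a flooded destination could chain the sampled previous-hop reports into a path, and how large a flood must be before every router has reported. Assumptions: hop names are constructed, each router samples independently at 1/20,000, the destination keeps the most-reported previous hop per router, and authentication is not modelled.

```python
import math
import random
from collections import Counter

P_EMIT = 1 / 20000  # emission probability of the order suggested above


def simulate_flood(path, packets, rng, p=P_EMIT):
    """Reports (previous_hop, router) that reach the victim during a flood.

    path lists hops from the source side to the router nearest the victim;
    every router after path[0] knows its immediate previous hop.
    """
    reports = Counter()
    for _ in range(packets):
        for prev, router in zip(path, path[1:]):
            if rng.random() < p:          # one ICMP traceback message
                reports[(prev, router)] += 1
    return reports


def reconstruct(reports, nearest_router):
    """Chain reports backwards from the router nearest the victim."""
    best = {}                              # router -> (count, previous hop)
    for (prev, router), count in reports.items():
        if count > best.get(router, (0, None))[0]:
            best[router] = (count, prev)
    chain = [nearest_router]
    while chain[-1] in best and best[chain[-1]][1] not in chain:
        chain.append(best[chain[-1]][1])   # loop guard: never revisit a hop
    return chain[::-1]


def packets_needed(reporting_routers, confidence, p=P_EMIT):
    """Flood size at which every router has reported with given probability."""
    per_router = confidence ** (1 / reporting_routers)
    return math.ceil(math.log(1 - per_router) / math.log(1 - p))


if __name__ == "__main__":
    path = ["hop0", "hop1", "hop2", "hop3", "hop4", "hop5"]  # constructed
    rng = random.Random(2000)
    for n in (20_000, 400_000):
        got = reconstruct(simulate_flood(path, n, rng), path[-1])
        print(n, "packets ->", " > ".join(got))
    print("packets for 99% complete path:", packets_needed(5, 0.99))
```

The loop guard in reconstruct() only stops inconsistent reports from cycling; it does not tell forged reports from genuine ones, which is the authentication issue listed for the BoF.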

Such a mechanism has other uses as well.  It lets people trace down
the source of accidentally-emitted bogus packets, i.e., those with
RFC1918 addresses.  It helps characterize the reverse path, which
traceroute does not do.

The output will be a standards-track RFC describing the packet format 
and the conditions under which it should be sent.  Issues include 
authentication, router load, and host load.

   Introduction, motivation        15 min
   Marcus Leech's prototype        15 min
   Alternative design              15 min
   Open issues list                20 min
   Charter                         20 min

Draft: draft-bellovin-itrace-00.txt
Also see: http://www.cs.washington.edu/homes/savage/traceback.html


For those who are interested in the ITRACE BoF, there is a mailing 
list, ietf-itrace@research.att.com.  Subscribe by sending the message 

  subscribe ietf-itrace
to majordomo@research.att.com