(Kay Ping) writes:
It occurred to me that the equivalent on the net would be to receive packets with invalid source addresses. They are just there, coming down the phone line to your modem. It takes significant resources and snooping on a massive scale to locate where they are coming from. All this is assuming you can find some way to send a request with your address to the server.
I've looked at this idea for a while. It's great right now once you get away from the first couple of subnets, though. However, I've recently become aware of "IDIP", or "Intruder Detection and Isolation Protocol" through potentially questionable sources (my source is mostly NDA-wary). He assumes it will be implemented by having each router cache (IP address, received interface) tuples. Then, after the fact, one could go back and track someone router by router. The technical solution to this is to flood a router with forged packets while using it to transfer your own data, overflowing the cache. This presents the problem of being tracked by leaving a cloud of flooded routers in your wake. But it's possible. I get the impression the system is far from deployment, but that it is being worked on is a sign that potentially someone sees the rise in forged source address attacks and wants to curtail it.

--
Ryan Lackey rdl@mit.edu http://mit.edu/rdl/
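The per-router cache and hop-by-hop lookup described in the message above, as an added simulation that is not part of the original post and is not IDIP's actual design. The LRU eviction policy, cache size, eviction counter, router names and addresses are all assumptions constructed for illustration; the point shown is that a churned cache breaks the lookup at that hop while the router's own eviction counter marks it as the place to look.

```python
from collections import OrderedDict

class Router:
    """Hypothetical router with a bounded cache of source IP -> ingress interface."""
    def __init__(self, name, capacity):
        self.name, self.capacity = name, capacity
        self.cache = OrderedDict()      # oldest entry first
        self.evictions = 0              # counter a monitoring system could export

    def observe(self, src_ip, ingress):
        # Record or refresh the tuple; LRU eviction when full (assumed policy).
        self.cache.pop(src_ip, None)
        self.cache[src_ip] = ingress
        if len(self.cache) > self.capacity:
            self.cache.popitem(last=False)
            self.evictions += 1

def trace(routers, links, start, src_ip):
    """Walk upstream hop by hop; links maps (router, interface) -> next router."""
    path, current = [], start
    while current in routers:
        ingress = routers[current].cache.get(src_ip)
        if ingress is None:
            break                       # no cached tuple: the trail goes cold here
        path.append(current)
        current = links.get((current, ingress))
    return path

def flooded(routers, threshold):
    """Routers whose eviction count exceeds threshold (cache churn signal)."""
    return sorted(n for n, r in routers.items() if r.evictions > threshold)

def demo():
    # Constructed chain: packets enter at r3, cross r2, reach r1 next to the server.
    routers = {n: Router(n, capacity=100) for n in ("r1", "r2", "r3")}
    links = {("r1", "if0"): "r2", ("r2", "if0"): "r3", ("r3", "if0"): "edge"}
    for r in routers.values():
        r.observe("192.0.2.7", "if0")
    before = trace(routers, links, "r1", "192.0.2.7")
    # Constructed churn: 500 distinct sources seen by r2 on another interface.
    for i in range(500):
        routers["r2"].observe(f"10.{i // 256}.{i % 256}.1", "if1")
    after = trace(routers, links, "r1", "192.0.2.7")
    return before, after, flooded(routers, threshold=50)

if __name__ == "__main__":
    print(demo())
```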