Hi Fan,
Ideally, SAVA would address all attacks that require the attacker to
spoof its source address.
Ron
Fan Ye wrote:
> Ron,
>
> Thanks for clarifying the problem. Then what kinds of threats does SAVA plan
> to address? Attackers spoofing addresses may control end-hosts (which is
> quite common and I guess SAVA should address), sniff traffic at the edge
> or the core, or control routers at the edge or the core. Is SAVA going to
> address all of them, or just a subset?
>
> Thanks,
> Fan
>
> [EMAIL PROTECTED] wrote on 09/14/2006 04:06:30 PM:
>
>
>>Pekka,
>>
>>You raise some very fundamental questions about SAVA. I will try to
>>enumerate and answer them. If I get any of the answers wrong, I invite
>>the SAVA contributors to step up and correct me.
>>
>>First, you ask what it means for a packet to have a "valid source
>>address". It means that there is some degree of certainty that the
>>packet originated at a site to which the address was assigned by a
>>legitimate numbering authority. This is a much stronger statement than
>>an alternative definition, which claims only that the packet is not
>>spoofing some well known address (for example, one of your own backbone
>>addresses).
>>
>>The degree of certainty that source address filtering and uRPF can
>>provide is inversely proportional to the number of hops between the
>>validating and originating devices. So, (although this might be
>>anticipating solutions), the SAVA architecture will probably include a
>>source address filtering/uRPF component that will be implemented by
>>upstream routers, and a signature component, by which the upstream
>>router notifies downstream routers that validation has (or has not)
>>occurred.
>>
>>Next, you ask what network resources are protected by SAVA. I think that
>>the answer is the entire Internet, but especially the routers that are
>>close to the validating nodes. This is because SAVA can identify all of
>>the following classes of spoofed packets:
>>
>>a) spoofed packets that are bound for routers (in the local or remote
>>AS)
>>b) spoofed packets that are bound for hosts, but cause router interfaces
>>to congest.
>>
>> Ron
>>
>>
>>
>>_______________________________________________
>>SAVA mailing list
>>[EMAIL PROTECTED]
>>http://www.nrc.tsinghua.edu.cn/mailman/listinfo/sava
>
>
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
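
Added example (not part of the original thread or of any SAVA specification): a strict uRPF check run over constructed forwarding tables, illustrating the quoted point that the certainty source address filtering provides drops as the validating router sits further from the originating site. Router names, interface names and the topology are assumptions; the prefixes are documentation ranges.

```python
import ipaddress

def lookup(fib, addr):
    """Longest-prefix match: return the interface toward addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None

def urpf_strict(fib, src, in_iface):
    """Strict uRPF: accept only if the best route back to src uses in_iface."""
    return lookup(fib, src) == in_iface

# Constructed topology: customer A (192.0.2.0/24) and customer B
# (198.51.100.0/24) attach to EDGE on separate interfaces; CORE reaches
# both customers through one link to EDGE.
EDGE_FIB = {
    "192.0.2.0/24": "cust-a",
    "198.51.100.0/24": "cust-b",
    "0.0.0.0/0": "uplink",
}
CORE_FIB = {
    "192.0.2.0/24": "to-edge",
    "198.51.100.0/24": "to-edge",
    "203.0.113.0/24": "to-peer",
}

def validate_along_path(src, path):
    """path: list of (router, fib, ingress_iface); returns per-hop verdicts."""
    return [(name, urpf_strict(fib, src, iface)) for name, fib, iface in path]

if __name__ == "__main__":
    # A host at customer A sends a packet carrying customer B's address.
    spoofed_src = "198.51.100.7"
    # One hop from the source the ingress interface gives the spoof away.
    print(validate_along_path(spoofed_src, [("edge", EDGE_FIB, "cust-a")]))
    # Two hops away both customers share an interface, so the check passes.
    print(validate_along_path(spoofed_src, [("core", CORE_FIB, "to-edge")]))
```
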