Report from the IAB workshop on Unwanted Traffic March 9-10, 2006
RFC 4948
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Informational (August 2007; Errata); was draft-iab-iwout-report (iab) |
| | Authors | Lixia Zhang, Elwyn Davies, Loa Andersson |
| | Last updated | 2020-01-21 |
| | Stream | IAB |
| | Formats | plain text, html, pdf, htmlized, with errata, bibtex |
| Stream | IAB state | (None) |
| | Consensus Boilerplate | Unknown |
| | RFC Editor Note | (None) |
Network Working Group
Request for Comments: 4948
Category: Informational

L. Andersson (Acreo AB)
E. Davies (Folly Consulting)
L. Zhang (UCLA)

August 2007

Report from the IAB workshop on Unwanted Traffic March 9-10, 2006

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The IETF Trust (2007).

Abstract

This document reports the outcome of a workshop held by the Internet Architecture Board (IAB) on Unwanted Internet Traffic. The workshop was held on March 9-10, 2006 at USC/ISI in Marina del Rey, CA, USA. The primary goal of the workshop was to foster interchange between the operator, standards, and research communities on the topic of unwanted traffic, as manifested in, for example, Distributed Denial of Service (DDoS) attacks, spam, and phishing, to gain an understanding of the ultimate sources of this unwanted traffic, and to assess its impact and the effectiveness of existing solutions. It was also a goal of the workshop to identify engineering and research topics that could be undertaken by the IAB, the IETF, the IRTF, and the network research and development community at large to develop effective countermeasures against the unwanted traffic.

Table of Contents

1. Introduction
2. The Root of All Evils: An Underground Economy
  2.1. The Underground Economy
  2.2. Our Enemy Using Our Networks, Our Tools
  2.3. Compromised Systems Being a Major Source of Problems
  2.4. Lack of Meaningful Deterrence
  2.5. Consequences
3. How Bad Is The Problem?
  3.1. Backbone Providers
    3.1.1. DDoS Traffic
    3.1.2. Problem Mitigation
  3.2. Access Providers
  3.3. Enterprise Networks: Perspective from a Large Enterprise
  3.4. Domain Name Services
4. Current Vulnerabilities and Existing Solutions
  4.1. Internet Vulnerabilities
  4.2. Existing Solutions
    4.2.1. Existing Solutions for Backbone Providers
    4.2.2. Existing Solutions for Enterprise Networks
  4.3. Shortfalls in the Existing Network Protection
    4.3.1. Inadequate Tools
    4.3.2. Inadequate Deployments
    4.3.3. Inadequate Education
    4.3.4. Is Closing Down Open Internet Access Necessary?
5. Active and Potential Solutions in the Pipeline
  5.1. Central Policy Repository
  5.2. Flow Based Tools
  5.3. Internet Motion Sensor (IMS)
  5.4. BCP 38
  5.5. Layer 5 to 7 Awareness
  5.6. How To's
  5.7. SHRED
6. Research in Progress
  6.1. Ongoing Research
    6.1.1. Exploited Hosts
    6.1.2. Distributed Denial of Service (DDoS) Attacks
    6.1.3. Spyware
    6.1.4. Forensic Aids
    6.1.5. Measurements
    6.1.6. Traffic Analysis
    6.1.7. Protocol and Software Security
  6.2. Research on the Internet