NetworkWorld.com - Some of the best Internet minds in the world met Thursday to discuss a wide range of methods to rid the Web of malicious traffic.
The Usenix invitation-only workshop, called Steps to Reducing Unwanted Traffic on the Internet (SRUTI), brought together more than 50 academics from all over the world as well as technical staff from equipment vendors and ISPs to develop methods to cut down on spam, viruses, worms and distributed denial-of-service (DDoS) attacks - methods that are practical at an operational level. (“Sruti,” by the way, is a Sanskrit word meaning "that which is heard.")
Participants exposed fresh ideas to expert criticism, sometimes resulting in helpful suggestions and sometimes pointing out significant problems.
One promising proposal would help wipe out the bulk of DDoS attacks near their sources, but not those attacks in which the aggressor machines use spoofed IP addresses. Even though the proposal wouldn't block all attacks, it was still considered feasible because it would mitigate the bulk of DDoS exploits that rely on networks of unspoofed zombie machines - botnets - to fire off the attacks.
On the flip side, another presentation advanced a relatively simple method of encrypting e-mail that would also authenticate the sender and receiver. But this was pretty much shot down when one attendee pointed out that encrypting e-mail would render useless spam filters that search content and subject lines for key words. "You have just proposed an excellent tool for spammers," he said. The author didn't have an answer for that.
Practicality seemed the watchword for the day. The author of the presentation on blocking DDoS attacks said there have been proposals that would be extremely effective if there were separate IP address spaces for servers and clients. "This has real possibilities if only we were redesigning the Internet from scratch," said Mark Handley, a researcher from University College London in the U.K.
Instead, Handley’s proposal would introduce devices near Internet servers and at the edge routers of ISPs to mark and monitor traffic to the servers. When a DDoS attack was detected, these devices would shut down, at the edge router, traffic from addresses identified as the source of the attack. These devices could effectively reduce DDoS traffic within a single ISP's network, Handley said. This enforcement could be extended to other ISPs and block attacks even closer to the source if the ISPs involved could develop enough trust to share knowledge about their networks, he said.
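The mark, monitor and filter loop described above can be sketched as a small simulation. This is an added example, not code from the article or from the workshop proposal; it shows why per-source filtering at the edge stops an unspoofed zombie but not a sender that rotates spoofed addresses. The class names, the mark format (edge name plus source address), the fixed `THRESHOLD` and all addresses are assumptions constructed for illustration.

```python
from collections import Counter

THRESHOLD = 100  # assumed: packets from one source that the monitor treats as attack traffic

class EdgeRouter:
    """ISP edge device (hypothetical model): marks forwarded packets, enforces drop filters."""
    def __init__(self, name):
        self.name, self.blocked = name, set()

    def forward(self, src):
        if src in self.blocked:
            return None                    # dropped at the edge, never reaches the server
        return (self.name, src)            # the mark records which edge the packet entered by

class ServerMonitor:
    """Device near the server (hypothetical model): counts marked traffic, requests filters."""
    def __init__(self, edges):
        self.edges = {e.name: e for e in edges}
        self.seen = Counter()

    def receive(self, packet):
        self.seen[packet] += 1
        if self.seen[packet] >= THRESHOLD:
            edge, src = packet
            self.edges[edge].blocked.add(src)   # push the filter back to the marking edge

def run(traffic):
    """Send one packet per source address in `traffic`; return (delivered, blocked set)."""
    edge = EdgeRouter("edge-1")
    monitor = ServerMonitor([edge])
    delivered = 0
    for src in traffic:
        packet = edge.forward(src)
        if packet is not None:
            monitor.receive(packet)
            delivered += 1
    return delivered, edge.blocked

# Constructed sample traffic, using documentation address ranges.
ZOMBIE = ["192.0.2.10"] * 1000                                # one unspoofed bot
CLIENT = ["192.0.2.20"] * 20                                  # ordinary client
SPOOFED = [f"203.0.113.{i % 250 + 1}" for i in range(1000)]   # source address changes per packet

if __name__ == "__main__":
    for label, traffic in (("zombie", ZOMBIE), ("client", CLIENT), ("spoofed", SPOOFED)):
        delivered, blocked = run(traffic)
        print(f"{label}: sent={len(traffic)} delivered={delivered} blocked={sorted(blocked)}")
```

In this model the zombie is cut off after its first 100 packets, while the spoofed flood never crosses the per-source threshold and is delivered in full.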
While DDoS drew much attention, SRUTI presenters also focused much of their time on spam, which accounts for the vast majority of e-mail crossing the Internet.