ITU plan to stop DoS attacks could end Net anonymity too
- — 15 September, 2008 08:40
The ITU's Study Group 17 has been considering IP traceback since April 2007, when its vice chairman, Jianyong Chen of Chinese equipment manufacturer ZTE, made a ZTE presentation on the matter, and the group decided in April this year to study it more seriously.
The meeting will consider contributions to a draft recommendation from telecommunication researchers in China and South Korea, with the most extensive contribution from Korea's Telecommunications Technology Association (TTA), a local standards body.
TTA has TTA report on the many existing ways to trace back to the source of spoofed traffic.
Its latest contribution "is an almost encyclopedic recitation of existing and potential traceback techniques that could apply from the IP layer through applications," said Rutkowski, who has seen the document. As a rule, the ITU does not release working documents.
Recommendations made by the ITU, a United Nations agency, have no force of law, although network operators may make compliance with ITU specifications a condition of the interconnection agreements they make with one another.
The ITU's work in this area worries Steven Bellovin, a professor of computer science at Columbia University. While working at AT&T, he coauthored an Internet Draft on ICMP Traceback Messages for the Internet Engineering Task Force, but now believes that such features should yield no more information than is already necessary for the network to function -- and perhaps not even that much.
Dempsey is in no hurry for carriers to adopt a recommendation on IP traceback.
"We don't have perfect anonymity, and we don't have perfect traceability. Having perfection in either value has unacceptable implications for the other value. Sometimes, the best solution is 'pretty good' rather than perfect," Dempsey said.