Internet-Drafts@ietf.org Fri, 26 March 2004 21:19 UTC
Received: from asgard.ietf.org (asgard.ietf.org [10.27.6.40])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15607
Fri, 26 Mar 2004 16:19:45 -0500 (EST)
Received: from majordomo by asgard.ietf.org with local (Exim 4.14) id 1B6yHz-00013L-Rz for firstname.lastname@example.org; Fri, 26 Mar 2004 15:50:51 -0500
Received: from ietf.org ([10.27.2.28]) by asgard.ietf.org with esmtp (Exim 4.14) id 1B6yHa-00010S-UC for email@example.com; Fri, 26 Mar 2004 15:50:26 -0500
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA13926; Fri, 26 Mar 2004 15:50:23 -0500 (EST)
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Subject: I-D ACTION:draft-ietf-inch-rid-00.txt
Date: Fri, 26 Mar 2004 15:50:23 -0500
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Extended Incident Handling Working Group of the IETF. Title : Incident Handling: Real-Time Inter-Network Defense Author(s) : K. Moriarty Filename : draft-ietf-inch-rid-00.txt Pages : 53 Date : 2004-3-26 Network security incidents such as Denial of Service (DoS), system compromises, worms, and viruses typically result in the loss of service, data, and resources both human and system. Security incidents can be detrimental to the health of the network as a whole. Network Providers (NP) need to be equipped and ready to assist in tracing security incidents with tools and procedures in place before the occurrence of an attack. This paper proposes a proactive inter-network communication method to integrate existing tracing mechanisms across NP boundaries to identify the source(s) of an attack. The various methods implemented to detect and trace attacks must be coordinated on the NPs network as well as provide a communication mechanism across network borders. It is imperative that NPs have quick communication methods defined to enable neighboring NPs to assist in tracking a security incident across the Internet. This proposal integrates current incident detection and tracing practices for network traffic, which could be extended for security incident handling. Policy guidelines for handling incidents are recommended and can be agreed upon by a consortium using the defined protocol and extended to each NP's clients. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-inch-rid-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-inch-rid-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: firstname.lastname@example.org. In the body type: "FILE /internet-drafts/draft-ietf-inch-rid-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
- I-D ACTION:draft-ietf-inch-rid-00.txt Internet-Drafts