I-D ACTION:draft-ietf-inch-rid-00.txt

Internet-Drafts@ietf.org Fri, 26 March 2004 21:19 UTC

Received: from asgard.ietf.org (asgard.ietf.org []) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15607 for <ietf-announce-archive@odin.ietf.org>; Fri, 26 Mar 2004 16:19:45 -0500 (EST)
Received: from majordomo by asgard.ietf.org with local (Exim 4.14) id 1B6yHz-00013L-Rz for ietf-announce-list@asgard.ietf.org; Fri, 26 Mar 2004 15:50:51 -0500
Received: from ietf.org ([]) by asgard.ietf.org with esmtp (Exim 4.14) id 1B6yHa-00010S-UC for all-ietf@asgard.ietf.org; Fri, 26 Mar 2004 15:50:26 -0500
Received: from CNRI.Reston.VA.US (localhost []) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA13926; Fri, 26 Mar 2004 15:50:23 -0500 (EST)
Message-Id: <200403262050.PAA13926@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: inch@nic.surfnet.nl
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-inch-rid-00.txt
Date: Fri, 26 Mar 2004 15:50:23 -0500
Sender: owner-ietf-announce@ietf.org
Precedence: bulk

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Extended Incident Handling Working Group of the IETF.

	Title		: Incident Handling: Real-Time Inter-Network Defense
	Author(s)	: K. Moriarty
	Filename	: draft-ietf-inch-rid-00.txt
	Pages		: 53
	Date		: 2004-3-26
Network security incidents such as Denial of Service (DoS), system
    compromises, worms, and viruses typically result in the loss of
    service, data, and resources both human and system.  Security
    incidents can be detrimental to the health of the network as a
    whole.  Network Providers (NP) need to be equipped and ready to
    assist in tracing security incidents with tools and procedures in
    place before the occurrence of an attack.  This paper proposes a
    proactive inter-network communication method to integrate existing
    tracing mechanisms across NP boundaries to identify the source(s)
    of an attack. The various methods implemented to detect and trace
    attacks must be coordinated on the NPs network as well as provide a
    communication mechanism across network borders.  It is imperative
    that NPs have quick communication methods defined to enable
    neighboring NPs to assist in tracking a security incident across
    the Internet.  This proposal integrates current incident detection
    and tracing practices for network traffic, which could be extended
    for security incident handling.  Policy guidelines for handling
    incidents are recommended and can be agreed upon by a consortium
    using the defined protocol and extended to each NP's clients.

A URL for this Internet-Draft is:

To remove yourself from the IETF Announcement list, send a message to 
ietf-announce-request with the word unsubscribe in the body of the message.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-inch-rid-00.txt".

A list of Internet-Drafts directories can be found in
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
In the body type:
	"FILE /internet-drafts/draft-ietf-inch-rid-00.txt".
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the