
Real-time Inter-network Defense (RID) (RFC6045)

IP.com Disclosure Number: IPCOM000201073D
Original Publication Date: 2010-Nov-01
Included in the Prior Art Database: 2010-Nov-09

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

K. Moriarty: AUTHOR

Abstract

Incident handling involves the detection, reporting, identification, and mitigation of an attack, whether it be a system compromise, socially engineered phishing attack, or a denial-of-service (DoS) attack. When an attack is detected, the response may include simply filing a report, notification to the source of the attack, a request for mitigation, or the request to locate the source. One of the more difficult cases is that in which the source of an attack is unknown, requiring the ability to trace the attack traffic iteratively upstream through the network for the possibility of any further actions to take place. In cases when accurate records of an active session between the victim system and the attacker or source system are available, the source is easy to identify. The problem of tracing incidents becomes more difficult when the source is obscured or spoofed, logs are deleted, and the number of sources is overwhelming. If the source of an attack is known or identified, it may be desirable to request actions be taken to stop or mitigate the effects of the attack.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 2% of the total text.

Internet Engineering Task Force (IETF)                       K. Moriarty
Request for Comments: 6045                                           EMC
Category: Informational                                    November 2010
ISSN: 2070-1721

                  Real-time Inter-network Defense (RID)

Abstract

   Network security incidents, such as system compromises, worms,
   viruses, phishing incidents, and denial of service, typically result
   in the loss of service, data, and resources both human and system.
   Network providers and Computer Security Incident Response Teams need
   to be equipped and ready to assist in communicating and tracing
   security incidents with tools and procedures in place before the
   occurrence of an attack.  Real-time Inter-network Defense (RID)
   outlines a proactive inter-network communication method to facilitate
   sharing incident handling data while integrating existing detection,
   tracing, source identification, and mitigation mechanisms for a
   complete incident handling solution.  Combining these capabilities in
   a communication system provides a way to achieve higher security
   levels on networks.  Policy guidelines for handling incidents are
   recommended and can be agreed upon by a consortium using the security
   recommendations and considerations.

   RID has found use within the international research communities, but
   has not been widely adopted in other sectors.  This publication
   provides the specification to those communities that have adopted it,
   and communities currently considering solutions for real-time
   inter-network defense.  The specification may also accelerate
   development of solutions where different transports or message
   formats are required by leveraging the data elements and structures
   specified here.

Moriarty                      Informational                     [Page 1]
 RFC 6045                           RID                     November 2010

 Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6045.

Copyright Notice

   Copyright (c) 2010 IETF Trust...