RFC 3871 Operational Security Requirements September 2004
2.6. Rate Limiting Requirements
2.6.1. Support Rate Limiting
Requirement.
The device MUST provide the capability to limit the rate at which
it will pass traffic based on protocol, source and destination IP
address or CIDR block, source and destination port, and interface.
Protocols MUST include at least IP, ICMP, UDP, and TCP and SHOULD
include any protocol.
Justification.
This requirement provides a means of reducing or eliminating the
impact of certain types of attacks. Also, rate limiting has the
advantage that in some cases it can be turned on a priori, thereby
offering some ability to mitigate the effect of future attacks
prior to any explicit operator reaction to the attacks.
Examples.
Assume that a web hosting company provides space in its data
center to a company that becomes unpopular with a certain element
of network users, who then decide to flood the web server with
inbound ICMP traffic. It would be useful in such a situation to
be able to rate limit inbound ICMP traffic at the data center's
border routers. On the other side, assume that a new worm is
released that infects vulnerable database servers such that they
then start spewing traffic on TCP port 1433 aimed at random
destination addresses as fast as the system and network interface
of the infected server is capable. Further assume that a data
center has many vulnerable servers that are infected and
simultaneously sending large amounts of traffic with the result
that all outbound links are saturated. Implementation of this
requirement would allow the network operator to rate limit
inbound and/or outbound TCP 1433 traffic (possibly to a rate of 0
packets/bytes per second) to respond to the attack and maintain
service levels for other legitimate customers/traffic.
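The following is an added illustration, not part of RFC 3871 and not any vendor's implementation. It models the capability the requirement describes as a first-match rule table in front of a token bucket: each rule matches on protocol, source/destination CIDR, ports, interface and direction, and a rule with a rate of 0 bytes/second drops everything it matches, which is the "rate of 0" response to the TCP/1433 worm in the second example. The addresses, interface names, rates and bursts are assumed values chosen for the demonstration; the packets are constructed inline.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    """Only the header fields RFC 3871 2.6.1 requires a limiter to key on."""
    proto: str              # "icmp", "udp", "tcp"; anything else is treated as bare IP
    src: str
    dst: str
    iface: str              # interface the packet arrived on (in) or leaves by (out)
    direction: str          # "in" or "out"
    length: int             # bytes on the wire, consumed from the bucket
    sport: Optional[int] = None
    dport: Optional[int] = None


class RateRule:
    """One rate-limit entry. Unset match fields are wildcards; proto="ip" matches any packet.
    rate_bps is the sustained byte rate, burst the bucket depth; rate_bps=0 drops all matches."""

    def __init__(self, rate_bps, burst, proto=None, src=None, dst=None,
                 sport=None, dport=None, iface=None, direction=None):
        self.rate_bps = float(rate_bps)
        self.burst = int(burst)
        self.proto = proto
        self.src = ipaddress.ip_network(src) if src else None
        self.dst = ipaddress.ip_network(dst) if dst else None
        self.sport, self.dport = sport, dport
        self.iface, self.direction = iface, direction
        self.tokens = float(burst)   # bucket starts full
        self.last = 0.0              # timestamp of the last refill

    def matches(self, pkt: Packet) -> bool:
        if self.proto not in (None, "ip") and self.proto != pkt.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in self.dst:
            return False
        if self.sport is not None and pkt.sport != self.sport:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.iface is not None and pkt.iface != self.iface:
            return False
        if self.direction is not None and pkt.direction != self.direction:
            return False
        return True

    def allow(self, pkt: Packet, now: float) -> bool:
        """Token bucket: refill by rate * elapsed (capped at burst), then pay for the packet."""
        if self.rate_bps == 0:
            return False                      # a rate of 0 is an unconditional drop
        elapsed = max(0.0, now - self.last)
        self.tokens = min(float(self.burst), self.tokens + self.rate_bps * elapsed)
        self.last = now
        if self.tokens >= pkt.length:
            self.tokens -= pkt.length
            return True
        return False


class RateLimiter:
    """First matching rule decides; packets matching no rule are forwarded unthrottled."""

    def __init__(self, rules: List[RateRule]):
        self.rules = rules

    def process(self, pkt: Packet, now: float) -> bool:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.allow(pkt, now)
        return True


def demo() -> dict:
    """Replays the two scenarios from the RFC text against a constructed rule set."""
    limiter = RateLimiter([
        # Scenario 1: inbound ICMP toward the hosted block, 1000 B/s sustained, 500 B burst
        RateRule(rate_bps=1000, burst=500, proto="icmp", dst="192.0.2.0/24",
                 iface="ge-0/0/0", direction="in"),
        # Scenario 2: outbound TCP/1433 from the data center limited to 0 (dropped)
        RateRule(rate_bps=0, burst=0, proto="tcp", dport=1433, src="192.0.2.0/24",
                 direction="out"),
    ])
    results = {}
    # Ten 100-byte ICMP packets arriving in the same instant: the 500-byte burst admits five
    flood = [Packet("icmp", "198.51.100.7", "192.0.2.10", "ge-0/0/0", "in", 100)
             for _ in range(10)]
    results["icmp_passed_t0"] = sum(limiter.process(p, now=0.0) for p in flood)
    # 0.3 s later the bucket has refilled 300 bytes, so three more get through
    results["icmp_passed_t0_3"] = sum(limiter.process(p, now=0.3) for p in flood)
    # Infected server spraying TCP/1433 to random destinations: rate 0 drops every packet
    worm = [Packet("tcp", "192.0.2.50", f"203.0.113.{i}", "ge-0/0/1", "out", 1500,
                   sport=40000 + i, dport=1433) for i in range(20)]
    results["mssql_passed"] = sum(limiter.process(p, now=1.0) for p in worm)
    # Legitimate outbound HTTPS from the same host matches no rule and is forwarded
    https = Packet("tcp", "192.0.2.50", "203.0.113.9", "ge-0/0/1", "out", 1500,
                   sport=40001, dport=443)
    results["https_passed"] = limiter.process(https, now=1.0)
    return results


if __name__ == "__main__":
    print(demo())
```

Two things the model makes visible that the prose leaves implicit. Rules are evaluated first-match, so the order of the table is part of the policy: a broad `proto="ip"` rule placed first would shadow every narrower one behind it. And a limit of 0 is operationally a filter, so it should carry the same caution as any ACL; dropping all ICMP, for instance, also discards the unreachable messages that path MTU discovery relies on.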
Warnings.
None.
Jones Informational [Page 35]