Skip to main content

Incident Handling: Real-time Inter-network Defense

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Kathleen Moriarty
Last updated 2006-08-21
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Network security incidents, such as system compromises, worms, viruses, phishing incidents, and denial of service (DoS), typically result in the loss of service, data, and resources both human and system. Network Providers (NPs) need to be equipped and ready to assist in communicating and tracing security incidents with tools and procedures in place before the occurrence of an attack. This paper outlines a proactive inter-network communication method to facilitate sharing incident handling data and integrate existing tracing mechanisms across NP boundaries to identify the source(s) of an attack. The various methods implemented to detect and trace attacks must be coordinated on the NPs' network as well as provide a communication mechanism across network borders. It is imperative that NPs have quick communication methods defined to enable neighboring NPs to assist in reporting or tracking a security incident across networks. A complete solution integrating incident detection, source identification, reporting and communication capabilities, and methods to stop attack traffic is necessary to attain higher security levels on networks. Policy guidelines for handling incidents are recommended and can be agreed upon by a consortium using the security recommendations and considerations.


Kathleen Moriarty

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)