[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: psamp@ops.ietf.org*Subject*: attacks on trajectory sampling*From*: Rae McLellan <rae@research.bell-labs.com>*Date*: Wed, 25 Sep 2002 13:14:08 -0400 (EDT)

>Here's a possible solution: instead of making sampling >decisions of the form > > sample if h(x) in [a,a+r-1] > >(where x is the packet, h the hash function, a the >lower interval boundary, r the range) > >we could use instead > > sample if h(x,s) in [0,r-1] > >where s is a secret "seed" value, chosen out of a >possibly large set (this is equivalent, of course, >of having a large family h_s(.) of different hash >functions). Excellent! this makes the specification of hash function values, (the valuse of s and r) correspond to what an operator might want to vary. the seed value provides the secret that cannot be know by malicious packet traffic, and the range parameter provides a throttling mechanism on the amount of generated sample traffic. If the range of the hash function is a 32-bit value, then r/2^32 becomes the ratio of sampled traffic to all traffic (assuming smooth distribution). This method of parameterizing the hash function is clear and intuitive. Way to go! Rae McLellan -- to unsubscribe send a message to psamp-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/psamp/>

- Prev by Date:
**Re: attacks on trajectory sampling** - Next by Date:
**new version of sampling draft** - Previous by thread:
**Re: attacks on trajectory sampling** - Next by thread:
**new version of sampling draft** - Index(es):