SECURITY LAB SEMINAR
November 11, 1998
1003 ENG II
1:00-2:00
WATCHERS - Detecting Disruptive Routers: A Distributed Network Monitoring Approach
Speaker: Nick Puketza
OUTLINE
Background
WATCHERS In A Nutshell
WATCHERS in Detail
WATCHERS vs. Clever Attackers
Problems with WATCHERS
BACKGROUND
Routing Protocol - communication among routers
Autonomous System (AS) - a set of routers and hosts controlled by one administration authority
OVERVIEW: PROBLEM
Routers are attractive targets for Attackers
Drop packets
Add packets
Misroute packets
Solution: WATCHERS run by each router in an AS
WATCHERS IN A NUTSHELL
Detect dropped packets: each router R counts the number of packets in (I) and out (O); I should equal O
Ignore packets destined for a router or created by a router
Fragmentation - data bytes should be equal for a particular destination
Conservation of Flow Test - routers communicate count values to each other
WATCHERS IN DETAIL
Logging: Transit Packet Byte Counters
Neighbors have a balance on each other
Communication --> Flooding
Procedure
X sends a counter message covering all of its neighbor routers to each neighbor,
which will send out the counter message to all other neighbors
Prevent corruption - authentication mechanism
Is | I- O | < tolerance threshold value?
If router is bad, the good routers will remove the bad
router from the table. They are logically disconnected and the
good router does not accept any more packets from the bad router.
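The conservation-of-flow check described above, as an added worked example that is not part of the talk or the WATCHERS project: a small simulation in which every router logs transit bytes sent to and received from each neighbor, and good routers judge a router R only from R's neighbors' counters. The topology, the traffic, the 1000-byte drop rule and the 100-byte threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed traffic (not from the talk). Each packet is (size_bytes, path):
# path[0] is the router that created it, path[-1] the router it is destined for.
# Bytes are counted rather than packets, so fragmentation does not unbalance the test.
PACKETS = [
    (1500, ["A", "B", "C"]), (1500, ["A", "B", "C"]),
    (40,   ["C", "B", "A"]), (576,  ["A", "B", "D"]),
    (1500, ["D", "B", "A"]), (1500, ["C", "B", "D"]),
    (1500, ["B", "C"]),     # created by B: not transit for B, ignored
    (1000, ["A", "B"]),     # destined for B: not transit for B, ignored
]
ROUTERS = ["A", "B", "C", "D"]


def run_traffic(packets, bad_routers, drop_above=1000):
    """Forward packets hop by hop and return the counters each router logs:
      sent_to[x][y]   = bytes x forwarded to y that were not destined for y
      recv_from[y][x] = bytes y received from x that x did not create
    These per-neighbor counters are what WATCHERS floods to every router."""
    sent_to = defaultdict(lambda: defaultdict(int))
    recv_from = defaultdict(lambda: defaultdict(int))
    for size, path in packets:
        src, dst = path[0], path[-1]
        for x, y in zip(path, path[1:]):
            # Constructed misbehaviour: a bad router silently drops large transit
            # packets; the rest of the path then never sees the packet.
            if x in bad_routers and x != src and size > drop_above:
                break
            if y != dst:
                sent_to[x][y] += size
            if x != src:
                recv_from[y][x] += size
    return sent_to, recv_from


def conservation_of_flow(sent_to, recv_from, routers, threshold):
    """A good router's view after flooding: for each router R, transit bytes into R (I)
    and out of R (O) as reported by R's neighbors, and whether |I - O| < threshold.
    R's own counters are deliberately not consulted."""
    verdicts = {}
    for r in routers:
        i = sum(sent_to[n][r] for n in routers if n != r)
        o = sum(recv_from[n][r] for n in routers if n != r)
        verdicts[r] = (i, o, abs(i - o) < threshold)
    return verdicts


def logically_disconnect(routers, verdicts):
    """Routing table kept by a good router: any router failing the test is removed."""
    return [r for r in routers if verdicts[r][2]]
```

With no bad routers every router balances (B sees 6616 bytes in and out); when B drops transit packets above 1000 bytes, its neighbors still report 6616 bytes into B but only 616 out, so B fails the test and is dropped from the good routers' tables.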
Watching for Anomalies in Transit Conservation
Necessary Conditions
1) Good Neighbor Condition - each router must have at least one good neighbor
2) Good Path Condition - each pair of good routers must be connected by at least one good path
3) Majority of Good Routers Condition - there must be a majority of good routers within the system
PROBLEMS WITH WATCHERS
Multicast and other special case packets
Conditions must hold for correct operation
Overhead (costs) - memory, processing, communication, authentication mechanism
Fault tolerance is Difficult
How large is the risk?
FUTURE WORK
Research
Effective proof
Implementation and experimentation measures
Study fault tolerance issue
QUESTIONS
Can WATCHERS handle ...
a SALAMI attack?
two malicious routers conspiring to break the network?