Professional Documents
Culture Documents
255
One solution to misbehaving nodes is to forward packets only 17%. During extreme mobility, watchdog and p a t h r a t e r can
through nodes t h a t share an a priori trust relationship. A increase network throughput by 27%, while increasing the
priori trust relationships are based on pre-existing relation- percentage of overhead transmissions from 12% to 24%. We
ships built outside of the context of the network (e.g. friend- describe mechanisms to reduce this overhead in Section 6.
ships, companies, and armies). The problems with relying
on a priori trust-based forwarding are t h a t 1) it requires The remainder of this paper is organized as follows. Section 2
key distribution, 2) trusted nodes may still be overloaded, specifies our assumptions about ad hoc networks and gives
3) trusted nodes may still be broken, 4) trusted nodes may be background information about DSR. Section 3 describes the
compromised, and 5) untrusted nodes may be well behaved. watchdog and p a t h r a t e r extensions. Section 4 describes the
It may not be possible to exchange keys used to authen- methodology we use in our simulations and the metrics we
ticate trusted nodes outside of the ad hoc network before use to evaluate the results. We present these results in Sec-
the conference or disaster t h a t requires an ad hoc network. tion 5. Sections 6 and 7 present related work and future
If keys are not distributed ahead of time, then enforcing a work, respectively. Finally, Section 8 concludes the paper.
priori trust-based forwarding requires a secure channel for
key exchanges within the ad hoc network for authentication. 2. ASSUMPTIONS AND BACKGROUND
Even if keys can be exchanged, a trusted node's security This section outlines the assumptions we make regarding
may be compromised, or a trusted node may be overloaded the properties of the physical and network layers of ad hoc
or broken as mentioned above. Finally, although relying on a networks and includes a brief description of DSR, the routing
priori trust-based forwarding reduces the number of misbe- protocol we use.
having nodes, it also excludes untrusted well behaved nodes
whose presence could improve ad hoc network performance.
2.1 Definitions
Another solution to misbehaving nodes is to a t t e m p t to We use the term neighbor to refer to a node t h a t is within
forstall or isolate these nodes from within the actual routing wireless transmission range of another node. Likewise, neigh-
protocol for the network. However, this would add signifi- borhood refers to all the nodes t h a t are within wireless trans-
cant complexity to protocols whose behavior must be very mission range of a node.
well defined. In fact, current versions of m a t u r e ad hoc rout-
ing algorithms, including D S R [12], AODV [7], T O R A [5l, 2.2 Physical Layer Characteristics
DSDV [19], STAR [9], and others [16] only detect if the Throughout this paper we assume bidirectional communi-
receiver's network interface is accepting packets, b u t they cation s y m m e t r y on every link between nodes. This means
otherwise assume t h a t routing nodes do not misbehave. Al- that if a node B is capable of receiving a message from a
though trusting all nodes to be well behaved increases the node A at time t, then node A could instead have received
number of nodes available for routing, it also admits misbe- a message from node B at time L This assumption is often
having nodes to the network. valid, since many wireless MAC layer protocols, including
IEEE 802.11 and M A C A W [2], require bidirectional commu-
In this paper we explore a different approach, and install ex- nication for reliable transmission. The watchdog mechanism
t r a facilities in the network to to detect and mitigate rout- relies on bidirectional links.
ing misbehavior. In this way, we can make only minimal
changes to the underlying routing algorithm. We introduce In addition, we assume wireless interfaces t h a t support promis-
two extensions to the Dynamic Source Routing algorithm cuous mode operation. Promiscuous mode means t h a t if a
(DSR) [12] to mitigate the effects of routing misbehavior: node A is within range of a node B, it can overhear com-
the watchdog and the pathratcr. The watchdog identifies mis- munications to and from B even if those communications
behaving nodes, while the p a t h r a t e r avoids routing packets do not directly involve A. Lucent Technologies' WaveLAN
through these nodes. W h e n a node forwards a packet, the interfaces have this capability. While promiscuous mode is
node's watchdog verifies t h a t the next node in the path also not appropriate for all ad hoc network scenarios (particu-
forwards the packet. The watchdog does this by listening larly some military scenarios) it is useful in other scenarios
promiscuously to the next node's transmissions. If the next for improving routing protocol performance [12].
node does not forward the packet, then it is misbehaving.
The p a t h r a t e r uses this knowledge of misbehaving nodes to
2.3 Dynamic Source Routing (DSR)
choose the network p a t h t h a t is most likely to deliver pack-
D S R is an on-demand, source routing protocol. Every packet
ets.
has a route path consisting of the addresses of nodes t h a t
have agreed to participate in routing the packet. The pro-
Using the ns network simulator [8], we show that the two
tocol is referred to as "on-demand" because route paths are
techniques increase throughput by 17% in the presence of
discovered at the time a source sends a packet to a destina-
up to 40% misbehaving nodes during moderate mobility,
tion for which the source has no path.
while increasing the ratio of overhead transmissions to d a t a
transmissions from the s t a n d a r d routing protocol's 9% to
We divide D S R into two main functions: route discovery
256
® ..... ®
F i g u r e 2: W h e n B f o r w a r d s a p a c k e t f r o m S t o w a r d
D t h r o u g h C, A c a n o v e r h e a r B ' s t r a n s m i s s i o n a n d
can verify that B has a t t e m p t e d to pass the packet
0 0 t o C. T h e solid l i n e r e p r e s e n t s t h e i n t e n d e d d i r e c t i o n
o f t h e p a c k e t s e n t b y B t o C, w h i l e t h e d a s h e d l i n e
0 0 i n d i c a t e s t h a t A is w i t h i n t r a n s m i s s i o n r a n g e o f B
@ and can overhear the packet transfer.
257
® ® the only reason B would have for taking the actions t h a t it
does is because it is malicious. B wastes b a t t e r y power and
CPU time, so it is not selfish. An overloaded node would not
F i g u r e 3: N o d e A d o e s n o t h e a r B f o r w a r d p a c k e t engage in this behavior either, since it wastes badly needed
1 t o C~ b e c a u s e B ' s t r a n s m i s s i o n c o l l i d e s at A w i t h CPU time and bandwidth. Thus, this second case should be
p a c k e t 2 f r o m t h e s o u r c e S. a rare occurrence.
258
replay attack to the node acting as its watchdog. Therefore, incorrect accusation it would be preferrable if it were not per-
detecting replay attacks would neither be an efficient nor an manently excluded from routing. Therefore nodes t h a t have
effective use of the watchdog mechanism. negative ratings should have their ratings slowly increased
or set back to a non-negative value after a long timeout.
For the watchdog to work properly, it must know where a This is not implemented in our simulations since the cur-
packet should be in two hops. In our implementation, the rent simulation period is too short to reset a misbehaving
watchdog has this information because DSR is a source rout- node's rating. Section 5.3 discusses the effect on throughput
ing protocol. If the watchdog does not have this information of accusing well-behaving nodes.
(for instance if it were implemented on top of a hop-by-hop
routing protocol), then a malicious or broken node could When the p a t h r a t e r learns t h a t a node on a p a t h t h a t is in
broadcast the packet to a non-existant node and the watch- use misbehaves, and it cannot find a p a t h free of misbehaving
dog would have no way of knowing. Because of this limi- nodes, it sends out a ROUTE REQUEST if we have enabled an
tation, the watchdog works best on top of a source routing extension we call Send Route Request (SRR).
protocol.
4. METHODOLOGY
3.2 Pathrater In this section we describe our simulator, simulation param-
The pathrater, run by each node in the network, combines eters, and measured metrics.
knowledge of misbehaving nodes with link reliability d a t a to
pick the route most likely to be reliable. Each node main- We use a version of Berkeley's Network Simulator (ns) [8]
tains a rating for every other node it knows about in the that includes wireless extensions made by the CMU Monarch
network. It calculates a p a t h metric by averaging the node project. We also use a visualization tool from CMU called
ratings in the path. We choose this metric because it gives ad-hockey [25] to view the results of our simulations and
a comparison of the overall reliability of different paths and detect overall trends in the network. To execute the simu-
allows p a t h r a t e r to emulate the shortest length p a t h algo- lations, we use PCs (450 or 500 MHz Pentium IIIs with at
rithm when no reliability information has been collected, as least 128 MB of RAM) running Red Hat Linux 6.1.
explained below. If there are multiple paths to the same
destination, we choose the p a t h with the highest metric. Our simulations take place in a 670 by 670 meter flat space
Note that this differs from standard DSR, which chooses filled with a scattering of 50 wireless nodes. The physical
the shortest p a t h in the route cache. Further note that since layer and the 802.11 MAC layer we use are included in the
the p a t h r a t e r depends on knowing the exact path a packet CMU wireless extensions to ns[3].
has traversed, it must be implemented on top of a source
routing protocol. 4.1 Movement and Communication Patterns
The nodes communicate using 10 constant bit rate (CBR)
The p a t h r a t e r assigns ratings to nodes according to the fol- node-to-node connections. Four nodes are sources for two
lowing algorithm. W h e n a node in the network becomes connections each, and two nodes are sources for one connec-
known to the p a t h r a t e r (through route discovery), the path- tion each. Eight of the flow destinations receive only one
rater assigns it a "neutral" rating of 0.5. A node always rates flow and the ninth destination receives two flows. The com-
itself with a 1.0. This ensures that when calculating path munication p a t t e r n we use was developed by CMU [3].
rates, if all other nodes are neutral nodes (rather than sus-
pected misbehaving nodes), the p a t h r a t e r picks the shortest In all of our node movement scenarios, the nodes choose
length path. The p a t h r a t e r increments the ratings of nodes a destination and move in a straight line towards the des-
on all actively used paths by 0.01 at periodic intervals of tination at a speed uniformly distributed between 0 me-
200 ms. An actively used p a t h is one on which the node ters/second (m/s) and some maximum speed. This is called
has sent a packet within the previous rate increment inter- the random waypoint model [3]. We limit the maximum
val. The m a x i m u m value a neutral node can attain is 0.8. speed of a node to 20 m / s (10 m / s on average) and we set
We decrement a node's rating by 0.05 when we detect a link the run-time of the simulations to 200 seconds. Once the
break during packet forwarding and the node becomes un- node reaches its destination, it waits for the pause time be-
reachable. The lower bound rating of a "neutral" node is 0.0. fore choosing a random destination and repeating the pro-
The p a t h r a t e r does not modify the ratings of nodes t h a t are cess. We use pause times of 0 and 60 seconds. In addition
not currently in active use. we use two different variations of the initial node placement
and movement patterns. By combining the two pause times
We assign a special highly negative value, - 1 0 0 in the simu- with two movement patterns, we obtain four different mo-
lations, to nodes suspected of misbehaving by the watchdog bility scenarios.
mechanism. W h e n the p a t h r a t e r calculates the path met-
ric, negative p a t h values indicate the existence of one or 4.2 Misbehaving Nodes
more suspected misbehaving nodes in the path. If a node is Of the 50 nodes in the simulated network, some variable per-
marked as misbehaving due to a t e m p o r a r y malfunction or centage of the nodes misbehave. In our simulations, a mis-
259
behaving node is one that agrees to participate in forwarding [ I Maximum [ Minimum
packets (it appends its address into ROUTE REQUEST pack- [ 0 second pause time I 88.6% I 75.2%
ets) but then indiscriminately drops all data packets that 60 second pause time 95.0% 73.9%
are routed through it.
Table 1: M a x i m u m and m i n i m u m n e t w o r k t h r o u g h -
We vary the percentage of the network comprised of misbe- put o b t a i n e d b y a n y s i m u l a t i o n at 40~0 m i s b e h a v i n g
having nodes from 0% to 40% in 5% increments. While a n o d e s w i t h all features enabled.
network with 40% misbehaving nodes may seem unrealistic,
it is interesting to study the behavior of the algorithms in a
more hostile environment than we hope to encounter in real paths when all known paths include a suspected misbehav-
life. We use Tcl's [17] built-in pseudo-random number gen- ing node. Each of the following sections includes two graphs
erator to designate misbehaving nodes randomly. We use of simulation results for two separate pause times. The first
the same seed across the 0% to 40% variation of the mis- graph is for a pause time of 0 (the nodes are in constant mo-
behaving nodes parameter, which means that the group of tion) and the second is for a pause time of 60 seconds before
misbehaving nodes in the 10% case is a superset of the group and in between node movement. We simulate two different
of misbehaving nodes in the 5% case. This ensures that the node mobility patterns using four different pseudo-random
obstacles present in lower percentage misbehaving node runs number generator seeds. The seeds determine which nodes
are also present in higher percentage misbehaving node runs. misbehave. We plot the average of the eight simulations.
260
Maximum Minimum
0 second pause time 31.3% 18.9%
60 second pause time 23.5% 11.0%
Table 2: M a x i m u m a n d m i n i m u m o v e r h e a d o b t a i n e d
by a n y simulation at 40% m i s b e h a v i n g n o d e s with all
features enabled.
261
with all options enabled at 40% misbehaving nodes.
262
Percent misbehaving nodes 0% [ 5% 10% 15% 20% 25% 30% 35% 40%
0 second pause time 131102182.890.366.575.560.867.531.350.8
60 second pause time . 57.6 40.8 63.1 35.7 79.5 46.7 21.7 47.2
T a b l e 3: C o m p a r i s o n o f t h e n u m b e r o f f a l s e p o s i t i v e s b e t w e e n t h e 0 s e c o n d a n d 60 s e c o n d p a u s e t i m e
s i m u l a t i o n s . A v e r a g e t a k e n f r o m t h e s i m u l a t i o n s w i t h all f e a t u r e s e n a b l e d .
.> 0.8
6. RELATED W O R K
To our knowledge, there is no previously published work
i 0.6 on detection of routing misbehavior specific to ad hoc net-
15 works, although there is relevant work by Smith, Murthy
8 and Garcia-Luna-Aceves on securing distance vector rout-
~ 0.4 ing protocols from Byzantine routing failures [22]. In their
work, they suggest countermeasures to secure routing mes-
~ o.~ sages and routing updates. This work may be applicable to
ad hoc networks in that distance vector routing protocols,
No False Positives i such as DSDV, have been proposed for ad hoc networks.
I Regular Watchdoq ---x---
0 ,. ,
0 0.1 02 0.3 0.4 0.5
Fraction of misbehaving nodes Zhou and Haas investigate distributed certificate authorities
in ad hoc networks using threshold cryptography[27]. Zhou
(a) 0 second pause time and Haas take the view t h a t no one single node in an ad
hoc network can be trusted due to low physical security and
low availability. Therefore, using a single node to provide an
important network-wide service, such as a certificate author-
ity, is very risky. Threshold cryptography allows a certificate
~ " 0.8
anthority's private key to be broken up into shares and dis-
tributed across multiple nodes. To sign a certificate, a subset
of the nodes with private key shares must jointly collaborate.
0.6 Thus, to mount a successful attack on the certificate author-
"6 ity, an intruder must compromise multiple nodes.
8
0.4 To further frustrate attack a t t e m p t s over time, Zhou and
,c Haas' scheme uses share refreshing. It is possible that over
~ 0.2 a long period of time enough share servers could be compro-
mised to recover the certificate authority's secret key. Share
No False Positives a refreshing allows uncompromised servers to compute a new
, R?gutar Watchdo~ ---x---
0 I private key periodically from the old private key's shares.
0 0.1 0.2 0.3 0.4 0.5
Fraction of misbehaving nodes
This periodic refreshing means t h a t an attacker must infil-
trate a large number of nodes within a short time span to
(b) 60 second pause time recover the certificate authority's secret key.
263
slave device will not recognize any other device as a master Ad hoc networks are an increasingly promising area of re-
except the device t h a t originally sent it the key. The authors search with practical applications, b u t they are vulnerable
bring up an interesting denial of service attack: the battery in many settings to nodes t h a t misbehave when routing pack-
drain attack. A misbehaving node can mount a denial-of- ets. For robust performance in an untrusted environment, it
service attack against another node by routing seemingly is necessary to resist such routing misbehavior.
legitimate traffic through the node in an a t t e m p t to wear
down the other node's batteries. In this paper we analyze two possible extensions to D S R to
mitigate the effects of routing misbehavior in ad hoc net-
works - the watchdog and the pathrater. We show t h a t
7. FUTURE WORK the two techniques increase throughput by 17% in a net-
This paper presents initial work in detecting misbehaving work with moderate mobility, while increasing the ratio of
nodes and mitigating their performance impact in ad hoc overhead transmissions to d a t a transmissions from the stan-
wireless networks. In this section we describe some further dard routing protocol's 9% to 17%. During extreme mobility,
ideas we would like to explore. watchdog and p a t h r a t e r can increase network throughput by
27%, while increasing the percentage of overhead transmis-
We plan on conducting more rigorous tests of the watch- sions from 12% to 24%.
dog and p a t h r a t e r parameters to determine optimal values
to increase throughput in different situations. Currently we These results show t h a t we can gain the benefits of an in-
are experimenting with different watchdog thresholds for de- creased number of routing nodes while minimizing the effects
ciding when a node is misbehaving. Some of the variables of misbehaving nodes. In addition we show t h a t this can be
to optimize for the p a t h r a t e r include the rating increment done without a prior/trust or excessive overhead.
and decrement amounts, the rate incrementing interval, and
the delay between sending out route requests to decrease the
overhead caused by this feature. 9. ACKNOWLEDGEMENTS
We would like to t h a n k Diane Tang, Petros Maniatis, Mema
Our simulations use scenarios in which there are no a pri- Roussopoulos, and Ed Swierk for their comments on drafts
ori trust relationships, b u t we expect the performance of of this paper. We would also like to t h a n k Dan Boneh for his
p a t h r a t e r to increase when it can make use of explicitly help in early discussions of this work. This work was sup-
trusted nodes. Trusted node lists are available in some ad ported in part by a generous gift from N T T Mobile Com-
hoc network scenarios, and we would like to analyze the per- munications Network, Inc. (NTT DoCoMo). In addition,
formance of our routing extensions in these scenarios. Sergio Marti was supported by a National Defense Science
and Engineering G r a d u a t e Fellowship.
Currently the p a t h r a t e r only decrements a node's rating
when another node tries unsuccessfully to send to it or if the 10. REFERENCES
watchdog mechanism is active and determines t h a t a node [11 S. Basagni and et al. A Distance Routing Effect
is misbehaving. W i t h o u t the watchdog active, the p a t h r a t e r Algorithm for Mobility (DREAM). In Proceedings of
cannot detect misbehaving nodes. An obvious enhancement the Fourth Annual ACM//IEEE International
would be to receive updates from a reliable transport layer, Conference on Mobile Computing and Networking
such as TCP, when ACKs fail to be received. This would (MOBICOM '98), October 1998.
allow the p a t h r a t e r to detect b a d paths and lower the nodes'
ratings accordingly. !2 ] V. Bharghavan, A. Demers, S. Shenker, and L. Zhang.
MACAW: A Medium Access Protocol for Wireless
All the simulations presented in this paper use CBR d a t a LANs. In Proceedings of ACM SIGCOMM '9~, August
sources with no reliability requirements. Our next goal is to 1994.
analyze how the routing extensions perform with T C P flows
common to most network applications. Our focus would [31 J. Broch, D. A. Maltz, D. B. Johnson, Y. C. Hu, and
then change from measuring throughput, or dropped pack- J. Jetcheva. A Performance Comparison of Multi-Hop
ets, to measuring the time to complete a reliable transmis- Wireless A d Hoc Network Routing Protocols. In
sion, such as an F T P transfer. For these tests the modifi- Proceedings of the Fourth Annual ACM/IEEE
cation to p a t h r a t e r described above should improve perfor- International Conference on Mobile Computing and
mance significantly in the case where the watchdog is not Networking (MOBICOM '98), October 1998.
active.
[41 R. Castaneda and S. R. Das. Query Localization
Finally, we would like to evaluate the watchdog and p a t h r a t e r Techniques for On-Demand Routing Protocols in Ad
considering latency in addition to throughput. Hoc Networks. In Proceedings of the Fifth Annual
ACM/IEEE International Conference on Mobile
Computing and Networking (MOBICOM '99), August
8. CONCLUSION 1999.
264
[5] S. Corson and V. Park. Temporally-Ordered Routing [17] J. K. Ousterhout. Tcl and the Tk Toolkit.
Algorithm (TORA) Version 1 Functional Specification. Addison-Wesley, 1994.
Mobile Ad-hoc Network (MANET} Working Group,
IETF, October 1999. [18] S. H. Park, A. Ganz, and Z. Ganz. Security protocol
for IEEE 802.11 wireless local area network. Mobile
[6] B. P. Crow, I. K. Widjaja, G. Jeong, and P. T. SakaL Networks and Applications. Vol. 3. 1998.
IEEE-802.11 Wireless local Area Networks. IEEE
Communications Magazine, vol. 35, No.9: pages [19] C.E. Perkins and P. Bhagwat. Highly Dynamic
116-126, September 1997. Destination-Sequenced Distance-Vector Routing
(DSDV) for Mobile Computers. In Proceedings of the
[7] S. Dos, C. E. Perkins and E. M. Royer. Ad Hoc On SIGCOMM '94 Conference on Communications
Demand Distance Vector (AODV) Routing Architectures, Protocols and Applications, pages
(Internet-Draft). Mobile Ad-hoc Network (MANET) 234-244, August 1994.
Working Group, IETF, October 1999.
[20] R. Prakash. Unidirectional Links Prove Costly in
[8] K. Fall and K. Varadhan, editors, ns notes and Wireless Ad Hoc Networks. In Proceedings of DIMA CS
documentation. The VINT Project, UC Berkeley, Workshop on Mobile Networks and Computers, 1999.
LBL, USC/ISI, and Xerox PARC, July 1999. Available
from http://www-mash, ca. berkeley, edu/ns/. [21] B. Smith and J.J. Garcia-Luna-Aceves. Efficient
Security Mechanisms for the Border Gateway Routing
[9] J.J. Garcia-Luna-Aceves and M. Spohn. Source-Tree Protocol. Computer Communications (Elsevier), Vol.
Routing in Wireless Networks. In Proceedings IEEE 21, No. 3: pp. 203-210, 1998, .
ICNP 99: 7th International Conference on Network
Protocols, Toronto, Canada, October 31-November 3, [22] B. Smith, S. Murthy, and J.J. Garcia-Luna-Aceves.
1999. Securing Distance-Vector Routing Protocols. In
Proceedings of Internet Society Symposium on Network
[10] J.J. Garcia-Luna-Aceves, Marcelo Spohn, and David and Distributed System Security, San Diego, CA,
Beyer. Source Tree Adaptive Routing (STAR) February 1997.
Protocol (Internet-Draft). Mobile Ad hoc Network
(MANET} Working Group, IETF, October 1999. [23] F. Stajano and R. Anderson. The Resurrecting
Duckling: Security Issues for Ad-hoc Wireless
[11] P. Johansson and T. Larsson. Scenario-Based Networks. B. Christianson, B. Crispo, and M. Roe
Performance Analysis of Routing Protocols for Mobile (Eds.)., Security Protocols, 7th International Workshop
Ad-Hoc Networks. In Proceedings of the Fifth Annual Proceedings, Lecture Notes in Computer Science, 1999.
A CM/1EEE International Conference on Mobile
Computing and Networking (MOBICOM '99), August [24] D. G. Stinson. Cryptography: Theory and Practice.
1999. CRC Press, 1995.
[12] D. Johnson, D. A. Maltz, and 3. Broch. The Dynamic [25] The CMU Monarch Project. The CMU Monarch
Source Routing Protocol for Mobile Ad Hoe Networks Projects Wireless and Mobility Extensions to ns.
(Internet-Draft). Mobile Ad-hoc Network (MANET) h t t p : / ] ~ . m o n a r c h . es. emu. edu/cmu-ns, html. Oct.
Working Group, IETF, October 1999. 12, 1999.
D. Johnson. Personal Communication. February 2000. [261 C.-K. Toh. Associativity Based Routing For Ad-Hoc
Mobile Networks. Wireless Personal Communications
[13] J. Jubin and J. Tornow. The DARPA Packet Radio Journal, Special Issue on Mobile Networking and
Network Protocols. In Proceedings of the IEEE, Computing Systems, Vol. 4, No. 2, pp.103-139, March
75(1):21-32, 1987. 1997.
[14] Y.-B. Ko and N. H. Vaidya. Location-Aided Routing [27] L. Zhou and Z. J. Haas. Securing Ad Hoc Networks. IEEE
(LAR) in Mobile Ad Hoc Networks. In Proceedings of Network Magazine, vol. 13, no.6, November/December 1999.
the Fourth Annual A CM/IEEE International
Conference on Mobile Computing and Networking
(MOBICOM '98), October 1998.
[15] Y.-B. Ko and N. H. Vaidya. Geocasting in Mobile Ad
Hoc Networks: Location-Based Multicast Algorithms.
WMCSA '99, New Orleans.
[16] IETF MANET Working Group Internet Drafts.
h t t p ://www. i e t f . org/ids, by. wg/manet, html.
265