A Layer-2 Extension to Hash-Based IP Traceback
Authors
Abstract
Hash-based IP traceback is a technique to generate audit trails for traffic within a network. Using the audit trails, it reconstructs not only the true attack paths of a Distributed Denial of Service attack (DDoS attack), but also the true path of a single packet attack. However, hash-based IP traceback cannot identify attacker nodes themselves because it has no audit trail on the subnet’s layer-2 network under the detected leaf router, which is the nearest node to an attacker node on a layer-3 network. We propose a layer-2 extension to hash-based IP traceback, which stores two identifiers with packets’ audit trails while reducing the memory requirement for storing identifiers. One of these identifiers shows the leaf router’s interface through which an attacking packet came, and the other represents the ingress port on a layer-2 switch through which the attacking packet came. We implement a prototype on FreeBSD and evaluate it in a preliminary experiment.
Key words: Distributed Denial of Service attack (DDoS), hash-based IP traceback, layer-2 traceback
Similar sources
Router Interface Based IP Traceback Method for DDoS Attack in IPv6 Networks (S. T. Shenbagavalli)
DoS/DDoS attacks constitute one of the major classes of security threats in the Internet today. The attackers usually use IP spoofing to conceal their real location. The objective of IP traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Traditional traceback schemes provide spoofed packets traceback capability either by augmenting the packet...
Traceback of Single IP Packets Using SPIE
The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. IP traceback techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present SPIE, the Source Path Isolation Engine, a hash-based technique for IP traceback that ge...
A Review of Packet Marking IP Traceback Schemes
Today, the Internet has become the primary source of communication in networks. Attacks on its infrastructure pose a great challenge to its expansion. The Distributed Denial of Service attack is a serious security threat encountered during the past decade. The goal of the attacker is to spoof the source IP address to hide its source. Various IP traceback schemes such as Probabilistic Packet Mark...
Low Storage and Traceback Overhead IP Traceback System
Using IP spoofing, a person masquerades as another by falsifying the source IP address and gains illegitimate access. Denial of Service (DoS) is an attack that is launched to bring down a network by flooding it with useless traffic. This attack can be easily exploited by IP spoofing. To prevent DoS, it is necessary to determine the source of the attacks. IP traceback is a mechanism that attempts...
Implementing IP Traceback in the Internet — An ISP Perspective
Denial-of-Service (DoS) attacks consume the resources of remote hosts and the network in terms of buffers, processing power, and connections, thus denying or degrading the Internet services to legitimate users. Managed security service (MSS) has been developed to provide better network performance in addition to protecting customers from be...
Journal title:
Volume / Issue:
Pages: -
Publication date: 2003