Subliminal Traceroute in TCP/IP
نویسندگان
چکیده
We introduce a technique for tracing a class of “man in the middle” TCP spoofing attacks. The technique works by embedding a traceroute-like mechanism, which we call subliminal traceroute (ST), in the acknowledgment stream of an active TCP connection. We consider the design considerations of ST and show that the attacker can take an active role to defeat our method. We conclude by suggesting future work on ST that may make it more difficult to defeat. Portions of this work were supported by sponsors of the Center for Education and Research in Information Assurance and Security.
منابع مشابه
Automating Geography-Based Redirection
Reliability and performance considerations have led to widespread use of mirror sites for content delivery. Based on measurements, redirection to a geographically closer replica is indeed valuable. Given an IP address, a mapping tool has to return the geographic location of the host to which the IP address has been assigned. This is a difficult problem because an IP address does not inherently ...
متن کاملTracing Internet Path Transparency
Middleboxes like firewalls or NATs, get increasingly deployed in the Internet. Since the manipulation of Internet traffic by these middleboxes can lead to the dropping of new protocols or protocol extensions, tools are needed that can detect these protocol impairments. One tool that does exactly this is PATHspider [1]. Trough A/B testing PATHspider is able to detect connectivity issues with new...
متن کاملIP Alias Resolution Techniques
The well-known traceroute probing method discovers links between interfaces on Internet routers. IP alias resolution, the process of identifying IP addresses belonging to the same router, is a critical step in producing Internet topology maps. We compare known alias resolution techniques, and suggest a practical combination of techniques that can produce the most accurate and complete IP-to-rou...
متن کاملTraceroute Using an IP Option
Traceroute serves as a valuable network debugging tool. The way in which it is currently implemented has the advantage of being automatically supported by all of the routers. It’s two problems are the number of packets it generates and the amount of time it takes to run. This document specifies a new IP option and ICMP message type which duplicates the functionality of the existing traceroute m...
متن کاملA Second Look at Detecting Third-Party Addresses in Traceroute Traces with the IP Timestamp Option
Artifacts in traceroute measurement output can lead to false inferences of AS-level links and paths when used to deduce AS topology. One traceroute artifact is caused by routers that respond to traceroute probes with a source address not in the path towards the destination, i.e. an off-path address. The most well-known traceroute artifact, the third-party address, is caused by off-path addresse...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2000