Abstract
This paper suggests techniques to restrain the convergence time and the combinatorial explosion. The IP traceback technique allows a victim to trace the routing path that an attacker has followed to reach the victim's system. It has the effect of deterring future attackers as well as capturing the current one. FMS (Fragment Marking Scheme) is an efficient implementation of IP traceback. Every router participating in FMS leaves its IP information on the packets passing through it, partially and with some probability. The victim can then collect the packets and analyze them to reconstruct the attack path. FMS and similar schemes, however, suffer from a long convergence time to build the path when the attack path is lengthy. They also suffer from a combinatorial explosion problem when there are multiple attack paths. The convergence time is reduced considerably by ensuring, through a distance-weighted sampling technique, that all routers have a close-to-equal chance of sending their IP fragments. The combinatorial explosion is avoided by tagging each IP fragment with the corresponding router’s hashed identifier.
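The convergence problem described in the abstract, worked through as an added example that is not code from the paper: with a fixed marking probability, marks from routers far from the victim are usually overwritten downstream, so the victim needs many more packets to see every router than when arrival chances are equal. Assumptions: the per-hop rule 1/i is a stand-in for distance-weighted sampling, which the abstract does not specify; each mark carries a whole router ID (no fragments); the path length 10 and the fixed probability 1/25 are constructed values.

```python
from fractions import Fraction
from itertools import combinations

def arrival_probs(mark_probs):
    """mark_probs[i] is the marking probability of the i-th router counted
    from the attacker. Returns, per router, the probability that a packet
    reaches the victim still carrying that router's mark, i.e. the router
    marked it and no downstream router overwrote the mark."""
    out = []
    for i, p in enumerate(mark_probs):
        survive = Fraction(1)
        for q in mark_probs[i + 1:]:
            survive *= 1 - q
        out.append(p * survive)
    return out

def expected_packets(arrivals):
    """Expected number of packets until the victim has seen at least one
    mark from every router (inclusion-exclusion over router subsets)."""
    total = Fraction(0)
    for k in range(1, len(arrivals) + 1):
        sign = 1 if k % 2 else -1
        for subset in combinations(arrivals, k):
            total += sign / sum(subset)
    return total

N = 10  # constructed path length (routers between attacker and victim)

# Fixed probability at every router (constructed value 1/25).
FIXED = [Fraction(1, 25)] * N

# Assumed weighting: the i-th router from the attacker marks with 1/i,
# which makes every router's mark equally likely to reach the victim.
WEIGHTED = [Fraction(1, i) for i in range(1, N + 1)]

if __name__ == "__main__":
    for name, probs in (("fixed", FIXED), ("weighted", WEIGHTED)):
        arr = arrival_probs(probs)
        print(name,
              "farthest router arrival prob = %.4f" % float(arr[0]),
              "expected packets = %.1f" % float(expected_packets(arr)))
```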
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, B. (2006). Efficient Technique for Fast IP Traceback. In: Luo, Y. (eds) Cooperative Design, Visualization, and Engineering. CDVE 2006. Lecture Notes in Computer Science, vol 4101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11863649_26
DOI: https://doi.org/10.1007/11863649_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44494-7
Online ISBN: 978-3-540-44496-1
eBook Packages: Computer Science (R0)