GOSSIB vs. IP Traceback Rumors
نویسنده
چکیده
To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. In this paper, we introduce a new concept, namely Groups Of Strongly SImilar Birthdays (GOSSIB), that can be used by to obtain effects similar to a successful birthday attack on PPM schemes. The original and most widely known IP traceback mechanism, compressed edge fragment sampling (CEFS), was developed by Savage et al. [SWKA00]. We analyze the effects of an attacker using GOSSIB against CEFS and show that the attacker can seed misinformation much more efficiently than the network is able to contribute real traceback information. Thus, GOSSIB will render PPM effectively useless. It can be expected that GOSSIB has similar effects on other PPM traceback schemes and that standard modifications to the systems will not solve the problem.
منابع مشابه
ROUTER INTERFACE BASED IP TRACEBACK METHOD FOR DDOS ATTACK IN IPV6 NETWORKS S.T.Shenbagavalli
DoS/DDoS attacks constitute one of the major classes of security threats in the Internet today. The attackers usually use IP spoofing to conceal their real location. The objective of IP traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Traditional traceback schemes provide spoofed packets traceback capability either by augmenting the packet...
متن کاملICMP Traceback with Cumulative Path, an Efficient Solution for IP Traceback
DoS/DDoS attacks constitute one of the major classes of security threats in the Internet today. The attackers usually use IP spoofing to conceal their real location. The current Internet protocols and infrastructure do not provide intrinsic support to traceback the real attack sources. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the a...
متن کاملAn implementation of a hierarchical IP traceback architecture
The IP traceback technique detects sources of attack nodes and the paths traversed by anonymous DDoS (Distributed Denial of Service) flows with spoofed source addresses. We propose a hierarchical IP traceback architecture, which decomposes the Internet-wide traceback procedure into inter-domain traceback and intradomain traceback. Our proposed method is different from existing approaches in tha...
متن کاملAccommodating fragmentation in deterministic packet marking for IP traceback
1 We propose a modification to the basic Deterministic Packet Marking (DPM), a promising IP traceback scheme, to handle fragmented traffic. The modification introduces no additional bandwidth overhead, but limited additional memory requirements and processing overhead on the DPM-enabled interface. Index Terms — Security, IP Traceback
متن کاملAn Efficient IP Traceback mechanism for the NGN based on IPv6 Protocol
Protecting against DOS or DDOS attacks can be regarded as one of the most difficult problems on the Internet today. One solution to thwart these attacks is to trace the source of the attacks. However, it is not easy to trace since the attackers usually use the spoofed IP source addresses to hide his or her network location. The key problem includes how to identify the “real” sources of the atta...
متن کامل