Practical Network Support for IP Traceback (Internet Systems and Technologies - Monitoring)

1 Practical Network Support for IP Traceback (Internet Systems and Technologies - Monitoring)

2 Contents
- Introduction
- The traceback approach
- Edge sampling algorithm
  - Phase 1: The marking procedure
  - Phase 2: The path reconstruction
- Evaluation
- Compressed edge fragment sampling
- IP header encoding
- The coverage time
- Conclusion

3 Introduction
- Denial-of-service attacks: consume resources of a remote host or network, denying or degrading service to legitimate users.
- Traceback problem: trace attacks back to their origin, which is hard because of
  - "spoofed" IP source addresses
  - stateless Internet routing
- Goal: identify the machines that directly generate attack traffic

4 The sampling traceback approach
- Probabilistically mark packets with partial path information as they arrive at routers.
- Combine such packets to reconstruct the entire path.
- "Post-mortem" traceback: the path is reconstructed from marked packets after they have been received.

5 The "Edge sampling" algorithm
- Reserve two fields in the packet, start and end, and one field for distance.
- Upon receiving a packet, each router chooses to "mark" it with some probability p.
- A mark forms an edge between two consecutive routers.

6 Phase 1: The marking procedure
- A router that samples a packet writes its own address into the start field and resets distance to 0; the next router that does not sample writes its address into the end field.
- The distance field counts the number of hops traversed since the edge was sampled.

7 Phase 2: The path reconstruction
- The victim uses the sampled edges to create a graph leading back to the source of the attack.

8 Evaluation
- Can efficiently discern multiple attacks.
- Robust: it is impossible for any edge closer than the closest attacker to be spoofed, due to the robust distance determination.
× Not backwards compatible: requires additional space in the IP packet header.

9 Compressed edge fragment sampling
- Goal: reduce per-packet storage requirements while preserving robustness.
- Three techniques:
  - represent the edge as the exclusive-or (XOR) of the two IP addresses
  - subdivide each edge-id into k non-overlapping fragments
  - increase the size of each router address by bit-interleaving its IP address with a hash of itself

10 IP header encoding
- Identification field: normally used to differentiate IP fragments that belong to different packets; overloading it for marking raises backwards-compatibility issues.
  - Upstream: prepend a new ICMP "echo reply" header, along with the full edge data, at the tail of the packet.
  - Downstream: set the Don't Fragment flag on every marked packet.

11 The coverage time
- The number of packets that the victim must observe to reconstruct the attack path.
- Most paths can be resolved with between one and two thousand packets.
- Flooding-style denial-of-service attacks send many hundreds or thousands of packets each second.
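The following simulation is an added example, not code from the slides or from the Savage et al. paper. It implements the edge-sampling marking procedure (slides 5 and 6), the victim's path reconstruction (slide 7), and a coverage-time measurement (slide 11) over a constructed three-router path; the router names R1..R3, the victim "V" and the attacker-supplied "spoofed" start value are assumptions. It also shows the robustness claim of slide 8: the attacker-injected start address can only appear beyond the attacker's own position, never closer to the victim.

```python
import random

def mark(pkt, router, p, rng):
    """Edge-sampling marking procedure, run by each router on every packet."""
    if rng.random() < p:                     # sample: start a new edge here
        pkt["start"], pkt["end"], pkt["distance"] = router, None, 0
    else:
        if pkt["distance"] == 0:             # previous hop sampled: close the edge
            pkt["end"] = router
        pkt["distance"] += 1                 # hops traversed since the edge was sampled

def send_attack(path, p, n, seed=1):
    """Constructed attack traffic: n packets traversing the routers in `path`.
    The attacker pre-fills the marking fields with a spoofed start address."""
    rng = random.Random(seed)
    received = []
    for _ in range(n):
        pkt = {"start": "spoofed", "end": "spoofed", "distance": 0}
        for router in path:
            mark(pkt, router, p, rng)
        received.append(pkt)
    return received

def reconstruct(received, victim):
    """Path reconstruction at the victim: collect sampled edges, then walk
    outward one hop at a time, accepting only edges whose distance matches."""
    edges = set()
    for pkt in received:
        if pkt["distance"] == 0:
            edges.add((pkt["start"], victim, 0))
        else:
            edges.add((pkt["start"], pkt["end"], pkt["distance"]))
    path, current, d = [], victim, 0
    while True:
        nxt = [s for (s, e, dist) in edges if e == current and dist == d]
        if not nxt:
            return path                      # nearest router first
        current = nxt[0]
        path.append(current)
        d += 1

def coverage_time(path, p, seed=1, limit=2000):
    """Packets the victim must observe before every router on `path` is recovered."""
    received = send_attack(path, p, limit, seed)
    want = list(reversed(path))
    for n in range(1, limit + 1):
        if reconstruct(received[:n], "V")[:len(path)] == want:
            return n
    return None
```

With 300 packets at p = 0.2 the victim recovers R3, R2, R1 in order; the spoofed start address shows up only as the hop beyond R1, i.e. at the attacker's own distance, which is exactly the bound slide 8 describes.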

12 Conclusion
- Denial-of-service attacks motivate the development of improved traceback capabilities.
- Edge sampling can enable efficient and robust multi-party traceback.
- One potential deployment strategy is based on overloading existing IP header fields.

13 References
- Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson. Practical Network Support for IP Traceback. In Proceedings of the 2000 ACM SIGCOMM Conference, pages 295-306, Stockholm, Sweden, August 2000.
