Internet level Traceback System for Identifying the Locations of IP Spoofers from Path Backscatter
Main Article Content
Abstract
It is normal that attackers over the network may use fake source IP addresses to conceal their actual locations. This paper proposes a framework that bypasses the deployment challenges of IP Traceback techniques [1]. The system researches Internet Control Message Protocol error messages (named path backscatter) activated by spoofing traffic and tracks the spoofers based on the public information available (e.g., topology). Along these lines, the proposed framework can discover the spoofers with no deployment prerequisite. Although the proposed framework may not work in all spoofing attacks, it might be the most useful mechanism to trace spoofers before an Internet-level traceback framework has been deployed in reality. The results are obtained by implementing simulations using the Java platform to understand the system over the networks.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
IJCERT Policy:
The published work presented in this paper is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license. This means that the content of this paper can be shared, copied, and redistributed in any medium or format, as long as the original author is properly attributed. Additionally, any derivative works based on this paper must also be licensed under the same terms. This licensing agreement allows for broad dissemination and use of the work while maintaining the author's rights and recognition.
By submitting this paper to IJCERT, the author(s) agree to these licensing terms and confirm that the work is original and does not infringe on any third-party copyright or intellectual property rights.
References
. Yao, G., Bi, J., & Vasilakos, A. V. (Senior Member). Passive IP Traceback: Disclosing the Locations of IP Spoofers From Path Backscatter. IEEE Transactions on Pattern Analysis and Machine Intelligence, 34(1), 19–32. Jan 2012.
. Bellovin, S. M. Security problems in the TCP/IP protocol suite. ACM SIGCOMM Computer Communication Review, 19(2), 32–48. Apr 1989.
. ICANN Security and Stability Advisory Committee. Distributed denial of service (DDOS) attacks. SSAC Advisory SAC008, Tech. Rep. Mar 2006.
. Labovitz, C. Bots, DDoS and ground truth. Presented at the 50th NANOG, Oct 2010.
. The UCSD Network Telescope. Retrieved from http://www.caida.org/projects/network_telescope/
. Savage, S., Wetherall, D., Karlin, A., & Anderson, T. Practical network support for IP traceback. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM), pp. 295–306. 2000.
. Bellovin, S. ICMP Traceback Messages. Retrieved from http://tools.ietf.org/html/draft-ietf-itrace-04, accessed Feb 2003.
. Snoeren, A. C., et al. Hash-based IP traceback. SIGCOMM Computer Communication Review, 31(4), 3–14. Aug 2001.
. Moore, D., Shannon, C., Brown, D. J., Voelker, G. M., & Savage, S. Inferring internet denial-of-service activity. ACM Transactions on Computer Systems, 24(2), 115–139. May 2006. Retrieved from http://doi.acm.org/10.1145/1132026.1132027
. Goodrich, M. T. Efficient packet marking for large-scale IP traceback. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), pp. 117–126. 2002.
. Song, D. X., & Perrig, A. Advanced and authenticated marking schemes for IP traceback. In Proceedings of the IEEE 20th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM), vol. 2. Apr 2001, pp. 878–886.
. Yaar, A., Perrig, A., & Song, D. FIT: Fast internet traceback. In Proceedings of the IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM), vol. 2. Mar 2005, pp. 1395–1406.
. Liu, J., Lee, Z.-J., & Chung, Y.-C. Dynamic probabilistic packet marking for efficient IP traceback. Computer Networks, 51(3), 866–882. 2007.
. Park, K., & Lee, H. On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. In Proceedings of the IEEE 20th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM), vol. 1. Apr 2001, pp. 338–347.