On design and evaluation of "intention-driven" ICMP traceback

Mankin, Allison; Massey, Daniel; Wu, Chieh-Chen; Wu, S. Felix; Zhang, Lixia

doi:10.1109/icccn.2001.956234

Cited by 106 publications

(78 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This approach has been extended by Song and Perrig to improve the reconstruction of paths and authenticate the encodings [12]. In order to avoid the backwards compatibility issues and increased computation re-quired by the sophisticated encoding schemes employed in the packet marking schemes, Bellovin's scheme (and later "intentional" extension [13]) simply sends the audit information in an ICMP message.…”

Section: A End-host Storagementioning

confidence: 99%

Single-packet IP traceback

Snoeren¹,

Partridge²,

Sánchez³

et al. 2002

IEEE/ACM Trans. Networking

352

237

View full text Add to dashboard Cite

Abstract-The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, wide-spread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space-efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the system's effectiveness.

show abstract

Section: A End-host Storagementioning

confidence: 99%

Single-packet IP traceback

Snoeren¹,

Partridge²,

Sánchez³

et al. 2002

IEEE/ACM Trans. Networking

352

237

View full text Add to dashboard Cite

show abstract

“…Bellovin et al suggested adding a new type of ICMP message for traceback [25], [26], and Mankin et al present an improvement to this scheme [27]. Several researchers propose to embed traceback information within the IP packet [28], [29], [30], [31], [32], [33], [34], [35], [36].…”

Section: Background and Related Workmentioning

confidence: 99%

StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense

Yaar

Perrig

Song

2006

IEEE J. Select. Areas Commun.

152

View full text Add to dashboard Cite

Abstract-Today's Internet hosts are threatened by large scale Distributed Denial-of-Service (DDoS) attacks. The Path Identification (Pi) DDoS defense scheme has been recently proposed as a deterministic packet marking scheme that allows a DDoS victim to filter out attack packets on a per packet basis with high accuracy after only a few attack packets are received [1].In this paper, we propose the StackPi marking, a new packet marking scheme based on Pi, and new filtering mechanisms. The StackPi marking scheme consists of two new marking methods that substantially improve Pi's incremental deployment performance: Stack based marking and Write-ahead marking. Our scheme almost completely eliminates the effect of legacy routers in small quantities and performs 2-4 times better than the original Pi scheme with large quantities. For the filtering mechanism, we derive an optimal threshold strategy for filtering with the Pi marking. We also develop a new filter, the PiIP filter, which can be used to detect IP spoofing attacks with just a single attack packet.Finally, we discuss in detail StackPi's compatibility with IP Fragmentation, applicability in an IPv6 environment, and several other important issues relating to potential deployment of StackPi.Index Terms-Security, system design, distributed denial of service defense, DDoS.

show abstract

“…The Time To Live (TTL) field is then used to identify the actual path depth of the attack. Based on packet messaging, there are some variants proposed: intension-driven iTrace [40] and iCaddie ICMP [41].…”

Section: Traceback With Packet Messagingmentioning

confidence: 99%

Overview of Traceback Mechanisms and Their Applicability

Youm

2011

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYAs an increasing number of businesses and services depend on the Internet, protecting them against DDoS (Distributed Denial of Service) attacks becomes a critical issue. A traceback is used to discover technical information concerning the ingress points, paths, partial paths or sources of a packet or packets causing a problematic network event. The traceback mechanism is a useful tool to identify the attack source of the (DDoS) attack, which ultimately leads to preventing against the DDoS attack. There are numerous traceback mechanisms that have been proposed by many researchers. In this paper, we analyze the existing traceback mechanisms, describe the common security capabilities of traceback mechanisms, and evaluate them in terms of the various criteria. In addition, we identify typical application of traceback mechanisms.

show abstract

On design and evaluation of "intention-driven" ICMP traceback

Cited by 106 publications

References 4 publications

Single-packet IP traceback

Single-packet IP traceback

StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense

Overview of Traceback Mechanisms and Their Applicability

Contact Info

Product

Resources

About