On the state of IP spoofing defense

Ehrenkranz, Toby; Li, Jun

doi:10.1145/1516539.1516541

Cited by 76 publications

(45 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Otherwise, the investigation shall have to investigate all IP addresses and request logs from all servers. It may be very difficult to track a sender from the IP address if the sender has tampered IP address at packet level (Ehrenkranz et al 2009). Once the source of the e-mail message under investigation has been determined or some one is strongly suspected for being the source, his or her computer, e-mail client software, web browser, etc.…”

Section: Discussionmentioning

confidence: 99%

Technology Corner: Analysing E-Mail Headers for Forensic Investigation

Banday¹

2011

JDFSL

View full text Add to dashboard Cite

Electronic Mail (E-Mail), which is one of the most widely used applications of Internet, has become a global communication infrastructure service. However, security loopholes in it enable cybercriminals to misuse it by forging its headers or by sending it anonymously for illegitimate purposes, leading to e-mail forgeries. E-mail messages include transit handling envelope and trace information in the form of structured fields which are not stripped after messages are delivered, leaving a detailed record of e-mail transactions. A detailed header analysis can be used to map the networks traversed by messages, including information on the messaging software and patching policies of clients and gateways, etc. Cyber forensic e-mail analysis is employed to collect credible evidence to bring criminals to justice. This paper projects the need for e-mail forensic investigation and lists various methods and tools used for its realization. A detailed header analysis of a multiple tactic spoofed e-mail message is carried out in this paper. It also discusses various possibilities for detection of spoofed headers and identification of its originator. Further, difficulties that may be faced by investigators during forensic investigation of an e-mail message have been discussed along with their possible solutions.

show abstract

Section: Discussionmentioning

confidence: 99%

Technology Corner: Analysing E-Mail Headers for Forensic Investigation

Banday¹

2011

JDFSL

View full text Add to dashboard Cite

show abstract

“…However, the drawback is that it needs both the communication parties's support and the overhead caused by IPSec is also a noticeable issue. It is ineffective at mitigating a bandwidth-based DoS attack, which may in fact exacerbate the problem, since initializing a connection may require more resource when using IPSec than not [16].…”

Section: Related Workmentioning

confidence: 99%

Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

Ruan

Wang

et al. 2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYAs a new generation voice service, Voice over LTE (VoLTE) has attracted worldwide attentions in both the academia and industry. Different from the traditional voice call based on circuit-switched (CS), VoLTE evolves into the packet-switched (PS) field, which has long been open to the public. Though designed rigorously, similar to VoIP services, VoLTE also suffers from SIP (Session Initiation Protocal) flooding attacks. Due to the high performance requirement, the SIP flooding attacks in VoLTE is more difficult to defend than that in traditional VoIP service. In this paper, enlightened by Counting Bloom Filter (CBF), we design a versatile CBF-like structure, PFilter, to detect the flooding anomalies. Compared with previous relevant works, our scheme gains advantages in many aspects including detection of low-rate flooding attack and stealthy flooding attack. Moreover, not only can our scheme detect the attacks with high accuracy, but also find out the attackers to ensure normal operation of VoLTE by eliminating their negative effects. Extensive experiments are performed to well evaluate the performance of the proposed scheme.

show abstract

“…The attackers can send spoofed packets, i.e., packets with fake (spoofed) sender IP address. Due to ingress filtering [4,14,21] and other anti-spoofing measures, IP spoofing is less commonly available than before, but still feasible, see [2,11]. Apparently, there is still a significant number of ISPs that do not perform ingress filtering for their clients (especially to multihomed customers).…”

Section: Modelmentioning

confidence: 99%

Spying in the Dark: TCP and Tor Traffic Analysis

Gilad

Herzberg

2012

Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract. We show how to exploit side-channels to identify clients without eavesdropping on the communication to the server, and without relying on known, distinguishable traffic patterns. We present different attacks, utilizing different side-channels, for two scenarios: a fully offpath attack detecting TCP connections, and an attack detecting Tor connections by eavesdropping only on the clients. Our attacks exploit three types of side channels: globally-incrementing IP identifiers, used by some operating systems, e.g., in Windows; packet processing delays, which depend on TCP state; and bogus-congestion events, causing impact on TCP's throughput (via TCP's congestion control mechanism). Our attacks can (optionally) also benefit from sequential port allocation, e.g., deployed in Windows and Linux. The attacks are practical -we present results of experiments for all attacks in different network environments and scenarios. We also present countermeasures for these attacks.

show abstract

On the state of IP spoofing defense

Cited by 76 publications

References 30 publications

Technology Corner: Analysing E-Mail Headers for Forensic Investigation

Technology Corner: Analysing E-Mail Headers for Forensic Investigation

Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

Spying in the Dark: TCP and Tor Traffic Analysis

Contact Info

Product

Resources

About