Survey on packet marking fields and information for IP traceback

Vasseur, Marion; Chen, Xiuzhen; Khatoun, Rida; Serhrouchni, Ahmed

doi:10.1109/ssic.2015.7245326

Cited by 3 publications

(2 citation statements)

References 29 publications

(62 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The hop count was then used to decide if the packet would be marked in that router. According to , studies that use TTL field for marking should take serious precautions because the packet is dropped if the TTL value reaches zero. A study in proposed a passive IP traceback mechanism for tracking the spoofers locations based on the error messages of Internet Control Message Protocol that may be triggered by spoofing traffic.…”

Section: Related Workmentioning

confidence: 99%

Traceback model for identifying sources of distributed attacks in real time

Ahmed

Sadiq

Zolkipli

2016

Security Comm Networks

View full text Add to dashboard Cite

Locating sources of distributed attack is time-consuming; attackers are identified long after the attack is completed. This paper proposes a trackback model for identifying attackers and locating their distributed sources in real time. Attackers are identified by monitoring violations of malicious end users on their bandwidth shares predefined in the service level agreement. Then, active connections of the malicious users are investigated to locate the host machines used as distributed sources of attack traffic. Mathematical model and simulation results demonstrate that the proposed model can reduce the required time for identifying malicious users and locating host machines used as the actual sources of attack packets. Copyright

show abstract

Section: Related Workmentioning

confidence: 99%

Traceback model for identifying sources of distributed attacks in real time

Ahmed

Sadiq

Zolkipli

2016

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…As the number of users are growing, the crime is also growing. Many techniques like input debugging, controlled flooding and ICMP messaging have been developed to identify attackers 1,4 but none of these techniques have been succeeded. To find the DDoS attackers the only method is IP traceback because the source address can be spoofed.…”

Section: Introductionmentioning

confidence: 99%

Survey on Packet Marking Algorithms for IP Traceback

2017

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attack is an unavoidable attack. Among various attacks on the network, DDoS attacks are difficult to detect because of IP spoofing. The IP traceback is the only technique to identify DDoS attacks. The path affected by DDoS attack is identified by IP traceback approaches like Probabilistic Packet marking algorithm (PPM) and Deterministic Packet Marking algorithm (DPM). The PPM approach finds the complete attack path from victim to the source where as DPM finds only the source of the attacker. Using DPM algorithm finding the source of the attacker is difficult, if the router get compromised. Using PPM algorithm we construct the complete attack path, so the compromised router can be identified. In this paper, we review PPM and DPM techniques and compare the strengths and weaknesses of each proposal.

show abstract