Overview of Traceback Mechanism and Their Applicability
IEICE Transactions on Information and Systems, Volume E94.D, Issue 11, pp. 2077-2086 (2011)

Heung-Youl Youm

Ibnu Mubarok – 2012.04.09
Introduction

• Goal of the paper
    – Overview.
    – Basic understanding of existing traceback mechanisms
•   IP Traceback
•   Taxonomy
•   Existing traceback mechanism
•   Comparison
•   Conclusion
IP Traceback

• Locate the origin of a packet.

• It’s complicated since IP addresses can be forged or
  spoofed.

• IP traceback is used only for identification of the sources
  of the offending packets during and after the attack.

• Mainly used to trace DDoS attacks: where the packets
  (the attacker) came from.

• In general, IP traceback is not limited only to DoS and
  DDoS attacks.
Taxonomy

• Taxonomy of traceback in Autonomous System
   – Intra-AS
   – Inter-AS


• Capabilities of traceback
  mechanism

• Currently there are proposed
  standards being reviewed
  in ITU-T
Controlled Flooding

• Generate a burst of network traffic from the victim’s
  network to the upstream network segments.
• Observe the effect of this flooding.
• Flooding a link will cause all packets, including packets
  from the attacker, to be dropped with the same
  probability.
• If a given link is flooded and packets from the
  attacker slow down, then this link must be part of the
  attack path.
• Do this recursively at upstream routers until the
  attack path is discovered.
• Only valid for DoS attacks.
Controlled Flooding
Input Debugging

• Link-testing mechanism
• Already exists on many routers
• The router is aware of a common characteristic of the attack
  packets (signature)
• Repeated hop-by-hop at every upstream router in the
  network until the source or another ISP is reached
Overlay Network – (Center Track)

• Forwards packets to a certain network point where
  they are monitored in the network




• The tracking router (TR) monitors all traffic that
  passes through the network.
Probabilistic Packet Marking

• Routers mark packets that pass through them with their
  addresses, a part of their addresses, or an edge (marking).
• Those modified packets are analyzed at the victim node
  for path reconstruction.
• This scheme is aimed primarily at DoS and DDoS attacks,
  as it needs many attack packets to reconstruct the full
  path.
• It uses the 16-bit identification field in the IP header to store
  the router’s address.
• Not every packet is marked, only some packets with a certain
  probability (e.g. 1/25).
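
The marking and reconstruction steps above, as an added example (not taken from the slides or the paper): a simulation of the edge-marking variant with the 1/25 marking probability. Router names, the path and the Mark tuple are constructed; a single attack path is assumed, and the mark is kept as a plain tuple rather than packed into the 16-bit identification field.

```python
import random
from collections import Counter, namedtuple

# One mark carried in a packet: an edge (start -> end) plus the hop distance
# from the router that wrote `start` to the victim.
Mark = namedtuple("Mark", "start end distance")

MARK_PROBABILITY = 1 / 25  # example value from the slide

# Constructed attack path, attacker side first, victim side last.
CONSTRUCTED_PATH = ["r1", "r2", "r3", "r4", "r5", "r6"]


def forward(path, p, rng):
    """Carry one packet along `path`; return the mark the victim receives,
    or None when no router chose to mark this packet."""
    mark = None
    for router in path:
        if rng.random() < p:
            # Start a new edge here, overwriting any upstream mark.
            mark = Mark(router, None, 0)
        elif mark is not None:
            if mark.distance == 0:
                # The first router after the marker closes the edge.
                mark = mark._replace(end=router)
            mark = mark._replace(distance=mark.distance + 1)
    return mark


def reconstruct(marks):
    """Rebuild the path from collected marks, nearest router first.
    Stops at the first distance with no edge that attaches to the path so far."""
    edges = {}
    for m in marks:
        edges.setdefault(m.distance, Counter())[(m.start, m.end)] += 1
    path = []
    while len(path) in edges:
        expected_end = path[-1] if path else None
        fitting = {e: n for e, n in edges[len(path)].items()
                   if e[1] == expected_end}
        if not fitting:
            break
        # The most frequently seen edge wins if several attach here.
        path.append(max(fitting, key=fitting.get)[0])
    return path


def packets_until_traced(path, p=MARK_PROBABILITY, seed=1, limit=100_000):
    """Send packets until the victim can rebuild the whole path.
    Returns (packets_sent, marks); packets_sent is None if `limit` was hit."""
    rng = random.Random(seed)
    target = path[::-1]
    marks = []
    for sent in range(1, limit + 1):
        mark = forward(path, p, rng)
        if mark is not None:
            marks.append(mark)
            if reconstruct(marks) == target:
                return sent, marks
    return None, marks


if __name__ == "__main__":
    sent, marks = packets_until_traced(CONSTRUCTED_PATH)
    print("packets sent:", sent, "marked packets received:", len(marks))
    print("path, victim side first:", reconstruct(marks))
```

The farthest router's mark survives only when every later router declines to mark, which is why the victim needs many packets before the last hop appears.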
Probabilistic Packet Marking
Deterministic Packet Marking

• Only the ingress router on the attack path marks
  every packet passing through it with its router
  IP address.
Packet Messaging - ICMP Traceback (iTrace)


• Every router on the network picks a packet
  probabilistically and generates an ICMP traceback
  message directed to the same destination as the
  selected packet.
• The iTrace message consists of the next and previous
  hop information, and a timestamp.
• The TTL field is set to 255, and is then used to identify the
  actual path of the attack.
Packet Messaging - ICMP Traceback
Packet Logging – (hash based)

• Packet logging: each router logs information
  (signature) of all IP packets that traverse it; this needs
  an enormous amount of storage space.

• Stores 20 byte IPv4 header + 8 byte payload =
  28 byte packet information

• Using a hash followed by a Bloom filtering process
  reduces the size and provides privacy against eavesdropping.

• Every router captures partial packet information of every
  packet that passes through the router, to be able in the
  future to determine if that packet passed through it.

• Three functions in SPIE:
        •   STM
        •   SCAR
        •   DGA
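
Hash-based logging as described above, as an added example (not taken from the slides, the paper or SPIE itself): each router stores Bloom-filter bits derived from the 28-byte packet prefix and later answers whether it forwarded a given packet. The DigestTable class, the per-router key, the masked header fields, the router names and all packets are assumptions constructed for this sketch.

```python
import hashlib
import socket
import struct

HEADER_LEN = 20      # IPv4 header without options (slide: 20 bytes)
PAYLOAD_PREFIX = 8   # leading payload bytes kept (slide: 8 bytes)


def make_packet(src, dst, ident, ttl, payload, checksum=0, tos=0):
    """Build a constructed IPv4 packet; the checksum is not validated."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, tos, HEADER_LEN + len(payload),
                         ident, 0, ttl, 17, checksum,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def digest_input(packet):
    """Return the 28 bytes that should look the same at every hop."""
    if len(packet) < HEADER_LEN or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < HEADER_LEN or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    header = bytearray(packet[:HEADER_LEN])
    # Assumption of this sketch: zero the fields routers rewrite in flight.
    header[1] = 0                 # type of service
    header[8] = 0                 # TTL
    header[10:12] = b"\x00\x00"   # header checksum
    payload = packet[ihl:ihl + PAYLOAD_PREFIX].ljust(PAYLOAD_PREFIX, b"\x00")
    return bytes(header) + payload


class DigestTable:
    """Bloom filter over packet digests; stores bits, never packet contents."""

    def __init__(self, key, bits=1 << 20, hashes=3):
        self.key, self.bits, self.hashes = key, bits, hashes
        self.table = bytearray(bits // 8)

    def _positions(self, packet):
        data = digest_input(packet)
        for i in range(self.hashes):
            # Keyed per router (assumption) so tables cannot be cross-matched.
            h = hashlib.blake2b(data, digest_size=8, key=self.key,
                                salt=bytes([i])).digest()
            yield int.from_bytes(h, "big") % self.bits

    def log(self, packet):
        for pos in self._positions(packet):
            self.table[pos >> 3] |= 1 << (pos & 7)

    def seen(self, packet):
        return all(self.table[pos >> 3] & (1 << (pos & 7))
                   for pos in self._positions(packet))


def trace(routers, packet):
    """Ask every router whether it forwarded `packet`; list those saying yes."""
    return [name for name, table in routers.items() if table.seen(packet)]


def simulate():
    """Constructed scenario: r1 -> r2 -> r3 carry the packet, r4 does not."""
    routers = {n: DigestTable(n.encode()) for n in ("r1", "r2", "r3", "r4")}
    src, dst, payload = "203.0.113.9", "198.51.100.7", b"constructed-payload"
    for hop, name in enumerate(("r1", "r2", "r3")):
        # TTL and checksum differ at each hop, the digest input does not.
        routers[name].log(make_packet(src, dst, 4242, 64 - hop, payload,
                                      checksum=0x1000 + hop))
    for i in range(50):  # constructed background traffic
        background = make_packet("192.0.2.1", dst, i, 64, b"background-%d" % i)
        for name in ("r2", "r3", "r4"):
            routers[name].log(background)
    received = make_packet(src, dst, 4242, 61, payload, checksum=0x2000)
    return routers, received


if __name__ == "__main__":
    routers, received = simulate()
    print("routers that saw the packet:", trace(routers, received))
```

A Bloom filter never misses a packet it logged but can answer yes for one it did not, so a router's positive answer is evidence rather than proof; two packets that agree in the 28 digested bytes are also indistinguishable.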
Hybrid Traceback

• Combines some traceback techniques

• Packet Marking + Packet Logging

• Partially record network path information at routers
  and in packets.

• DLL ( Distributed Link-List ) : store, mark, forward

• Fixed size marking field is allocated in each packet.
Evaluation Criteria

•   Degree of ISP involvement
•   Number of packets required for traceback
•   Memory requirement
•   Processing overhead for traceback
•   Degree of bandwidth increase
•   Ability to handle massive DDoS attacks
•   Misuse by attacker
•   Knowledge of network topology
•   Robustness of traceback
•   Effect of partial deployment
•   Scalability
•   Number of functions needed to implement traceback
•   Capability to trace transformed packets
Comparison of IP Traceback Mechanism
Application of Traceback Mechanism
Conclusion

• A practical way to track a massive DDoS is to use a
  traceback technique.

• For the problem of IP traceback, several solutions
  have been proposed. Each has its own advantages
  and disadvantages. No ideal scheme.

• Current technology has good intrusion detection and
  prevention systems to protect systems. Do we really
  need the ‘location’ of the attacker too? Is this traceback
  thing only for law enforcement and military people?

Overview of IP traceback mechanism

  • 1. Overview of Traceback Mechanism a nd Their Applicability IEICE Transactions on Information and Systems, Volume E94.D, Issue 11, pp. 2077-2086 (2011) Heung-Youl Youm Ibnu Mubarok – 2012.04.09
  • 2. Introduction • Goal of the paper – overview. – base understanding of existing traceback mechanism • IP Traceback • Taxonomy • Existing traceback mechanism • Comparison • Conclusion
  • 3. IP Traceback • Locate the origin of a packet. • It’s complicated since IP address can be forged or spoofed. • IP Traceback used only for identification of the sources of the offending packets during and after the attack. • Mainly used to trace the DDoS, where the packet (attacker) came from. • In general, IP traceback is not limited only to DoS and DDoS attacks.
  • 4. Taxonomy • Taxonomy of traceback in Autonomous System – Intra-AS – Inter-AS • Capabilities of traceback mechanism • Currently there are proposed standards being reviewed in ITU-T
  • 5. Controlled Flooding • Generating a burst of network traffic from the victim’s network to the upstream network segments. • Observe the effect of this flooding. • Flooding a link will cause all packets, including packets from the attacker, to be dropped with the same probability. • If a given link is flooded and packets from the attacker slow down, then this link must be part of the attack path. • Do this recursively to upstream routers until the attack path is discovered. • Only valid for DoS attacks
  • 7. Input Debugging • Link-testing mechanism • Already exists on many routers • The router is aware of a common characteristic of the attack packets (signature) • Repeated hop-by-hop at every upstream router in the network until the source or another ISP is reached
  • 8. Overlay Network – (Center Track) • Forwards packets to a certain network point where they are monitored in the network • The tracking router (TR) monitors all traffic that passes through the network.
  • 9. Probabilistic Packet Marking • Routers mark packets that pass through them with their addresses, a part of their addresses or an edge (marking) • Those modified packets are analyzed at the victim node for path reconstruction. • This scheme is aimed primarily at DoS and DDoS attacks, as it needs many attack packets to reconstruct the full path. • It uses the 16-bit identification field in the IP header to store the router’s address. • Not every packet is marked, only some packets, with a certain probability (e.g. 1/25)
  • 11. Deterministic Packet Marking • Only the ingress router on the attack path marks every packet passing through it with its router IP address.
  • 12. Packet Messaging - ICMP Traceback (iTrace) • Every router on the network picks a packet probabilistically and generates an ICMP traceback message directed to the same destination as the selected packet. • The iTrace message consists of the next and previous hop information, and a timestamp • The TTL field is set to 255, and is then used to identify the actual path of the attack
  • 13. Packet Messaging - ICMP Traceback
  • 14. Packet Logging – (hash based) • Packet Logging → Each router logs information (signature) of all IP packets that traverse through it → Enormous amount of storage space • Stores 20 byte IPv4 header + 8 byte payload = 28 byte packet information • Using hash followed by Bloom filtering process → reduced size + provides privacy against eavesdropping • Every router captures partial packet information of every packet that passes through the route, to be able in the future to determine if that packet passed through it. • Three functions in SPIE: • STM • SCAR • DGA
  • 15. Hybrid Traceback • Combines some traceback techniques • Packet Marking + Packet Logging • Partially records network path information at routers and in packets. • DLL (Distributed Link-List): store, mark, forward • A fixed-size marking field is allocated in each packet.
  • 16. Evaluation Criteria • Degree of ISP involvement • Number of packets required for traceback • Memory requirement • Processing overhead for traceback • Degree of bandwidth increase • Ability to handle massive DDoS attacks • Misuse by attacker • Knowledge of network topology • Robustness of traceback • Effect of partial deployment • Scalability • Number of functions needed to implement traceback • Capability to trace transformed packets
  • 17. Comparison of IP Traceback Mechanism
  • 19. Conclusion • A practical way to track a massive DDoS is to use a traceback technique. • For the problem of IP traceback, several solutions have been proposed. Each has its own advantages and disadvantages. No ideal scheme. • Current technology has good intrusion detection and prevention systems to protect systems. Do we really need a ‘location’ of the attacker too? Is this traceback thing only for law enforcement and military people?
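
The hash-based packet logging of slide 14, as an added example that is not code from the slides or from the paper: each router digests the 20-byte IPv4 header plus the first 8 payload bytes into a Bloom filter, and the victim later asks every router whether it saw a given packet. The router names, packets and addresses are constructed, and zeroing the TTL and header checksum so the digest matches at every hop, the per-router hash key, and the filter size are assumptions of this example.

```python
import hashlib
import struct

def digest_input(packet: bytes) -> bytes:
    """20-byte IPv4 header + first 8 payload bytes, hop-variant fields zeroed."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or packet[0] >> 4 != 4 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    header = bytearray(packet[:20])
    header[8] = 0                # TTL is decremented at every hop
    header[10:12] = b"\x00\x00"  # header checksum changes along with the TTL
    return bytes(header) + packet[ihl:ihl + 8].ljust(8, b"\x00")

class DigestRouter:
    """Keeps a Bloom filter of packet digests, never the packets themselves."""
    def __init__(self, name: str, bits: int = 1 << 16, hashes: int = 3):
        self.name, self.bits, self.hashes = name, bits, hashes
        self.table = bytearray(bits // 8)

    def _positions(self, packet: bytes):
        data = digest_input(packet)
        for i in range(self.hashes):  # per-router key is an assumption of this sketch
            h = hashlib.blake2b(data, digest_size=8, key=self.name.encode(),
                                salt=bytes([i])).digest()
            yield int.from_bytes(h, "big") % self.bits

    def forward(self, packet: bytes) -> bytes:
        for pos in self._positions(packet):
            self.table[pos // 8] |= 1 << (pos % 8)
        out = bytearray(packet)
        out[8] -= 1  # decrement TTL as a real hop would
        return bytes(out)

    def saw(self, packet: bytes) -> bool:
        return all(self.table[p // 8] & (1 << (p % 8)) for p in self._positions(packet))

def make_packet(src, dst, ident, payload, ttl=64) -> bytes:
    """Constructed IPv4 packet (protocol 17); checksum left at zero for brevity."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                       ttl, 17, 0, addr(src), addr(dst)) + payload

def demo():
    r = {n: DigestRouter(n) for n in ("R1", "R2", "R3", "R4")}
    flood = make_packet("203.0.113.7", "192.0.2.10", 0x1234, b"flood-payload")
    other = make_packet("198.51.100.5", "192.0.2.10", 0x0042, b"normal-traffic")
    at_victim = r["R3"].forward(r["R2"].forward(r["R1"].forward(flood)))
    r["R3"].forward(r["R4"].forward(other))
    # The victim submits the packet as received (TTL already lower) to every router.
    return at_victim, [n for n in sorted(r) if r[n].saw(at_victim)]
```

`demo()` returns the packet as the victim received it and the routers that report having forwarded it; R4, which only carried the unrelated packet, is not in the list even though the source address in the traced packet could have been spoofed.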

Editor's notes

  1. The ISP has to perform a traceback as well as identify the attack completely on its own.
  2. THIS