Abstract
This paper describes a technique for tracing attacks back toward the attackers somewhere in the Internet. There are many solutions existing for IP traceback problem, such as packet marking and algebraic approach. Many of them are not efficient and work under some unreasonable assumptions. The “Island Hopping Packet Marking (IHPM)” algorithm, truly incorporating the combination of the best features of the edge/node sampling and the cut vertex, is able to counter those disputed assumptions and provides great performance to reconstruct attacking paths with fewer collected packets under multiple attacks. The assessing of IHPM performance on IXP425 network processor shows the practical feasibility in routers implementations. Such a technique can provide a key answer required for advancing the state-of-the-art in DDoS mitigation and defenses in a realistic environment.
This work was sponsored by NSC grant 93-2219-E-194-006 and Intel Taiwan.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Thulasiraman, K., Swamy, M.N.S.: Graphs: Theory and algorithms. Wiley-Interscience, Chichester (1992)
Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Network Support for IP Traceback. ACM/IEEE Transactions on Networking 9(3) (June 2001)
Doeppner, T.W., Klein, P.N., Koyfman, A.: Using Router Stamping to Identify the Source of IP Packets. In: Proc. of 7th ACM Conference on Computer and Communications Security (November 2000)
Cheng, B.-C., Huang, C.-F., Tsao, E.-K.: IHPM: A Fast Pathfinder and Intrusion Source Identifier for DDoS Attacks. In: de di Capitani Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679. Springer, Heidelberg (submitted, 2005)
Farrow, R.: Spoofing source addresses, http://www.spirit.com/Network/net0300.html
Kim, J., Radhakrishnan, S., Dhall, S.K.: On Intrusion Source Identification. In: 2nd IASTED International Conference on Communications, Internet and Information Technology, November 17-19 (2003)
Wehrle, K., Pählke, F., Ritter, H., Müller, D., Bechler, M.: The Linux® Networking Architecture: Design and Implementation of Network Protocols in the Linux Kernel, 1st edn. Prentice Hall, Upper Saddle River (2004)
Intel IXP 425 Network Processor, http://developer.intel.com/design/network/products/npfamily/ixp425.htm
RFC 791 Internet Protocol, http://www.ietf.org/rfc/rfc0791.txt
Intel® IXP400 Software Programmer’s Guide 1.5 edn., ftp://download.intel.com/design/network/manuals/252539_v1_5.pdf
Bellovin, S.M.: ICMP Traceback Messages, Internet Draft: draft-bellovin-itrace-00.txt (submitted, March 2000), Expiration date (September 2000), http://www.research.att.com/~smb/papers/draft-bellovin-itrace-00.txt
Dean, D., Franklin, M., Stubblefield, A.: An Algebraic Approach to IP Traceback. In: Proceedings of NDSS 2001 (February 2001)
Chung, K.L.: Elementary Probability Theory with Stochastic Processes, ch. 6, 3rd edn., p. 159. Springer, New York (1979)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cheng, BC., Huang, CF., Chang, WC., Wu, CS. (2006). Developing and Implementing IHPM on IXP 425 Network Processor Platforms. In: Song, JS., Kwon, T., Yung, M. (eds) Information Security Applications. WISA 2005. Lecture Notes in Computer Science, vol 3786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11604938_17
Download citation
DOI: https://doi.org/10.1007/11604938_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31012-9
Online ISBN: 978-3-540-33153-7
eBook Packages: Computer ScienceComputer Science (R0)