Tracing the True Source of an IPv6 Datagram Using Policy Based Management System

Amin, Syed Obaid; Hong, Choong Seon; Kim, Ki Young

doi:10.1007/11876601_27

Tracing the True Source of an IPv6 Datagram Using Policy Based Management System

Syed Obaid Amin¹⁸,
Choong Seon Hong¹⁸ &
Ki Young Kim¹⁹

Conference paper

541 Accesses
1 Citations

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 4238))

Abstract

In any (D)DoS attack, invaders may use incorrect or spoofed IP addresses in the attacking packets and thus disguise the factual origin of the attacks. Due to the stateless nature of the internet, it is an intricate problem to determine the source of these spoofed IP packets. This is where; we need the IP traceback mechanism i.e. identifying the true source of an IP datagram in internet. While many IP traceback techniques have been proposed, but most of the previous studies focus and offer solutions for DDoS attacks done on IPv4 environment. Significant differences exist between the IPv4 and IPv6 Networks for instance, absence of option in basic IPv6 header. Thus, the mechanisms of IP Traceback for IPv4 networks may not be applied to IPv6 networks. In this paper, we extended our previous work i.e. PPM for IPv6 and removed its drawback by using Policy Based IP Traceback (PBIT) mechanism. We also discussed problems related to previously proposed IPv4 traceback schemes and practical subtleties in implementing traceback techniques for IPv6 networks.

This work was supported by MIC and ITRC Project.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Belenky, A., Ansari, N.: On IP Traceback. IEEE Communications Magazine 41(7) (July 2003)
Google Scholar
Savage, S., et al.: Network Support for IP Traceback. IEEE/ACM Trans. Net. 9(3), 226–237 (2001)
Article Google Scholar
Song, D.X., Perrig, A.: Advanced and authenticated marking schemes for IP traceback. In: Proceedings IEEE Infocomm 2001 (April 2001)
Google Scholar
Park, K., Lee, H.: On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack, Tech. Rep. CSD-00-013, Department of Computer Sciences, Purdue University (June 2000)
Google Scholar
Snoeren, A., Partridge, C., Sanchez, L., Jones, C., Tchakountio, F., Schwartz, B., Kent, S., Strayer, W.: Single-packet IP traceback. ACM/IEEE Transactions on Networking (December 2002)
Google Scholar
Aljifri, H.: IP traceback: a new denial-of-service deterrent. Security & Privacy Magazine 1(3), 24–31 (2003)
Article Google Scholar
Waldvogel, M.: GOSSIB vs. IP Traceback Rumors. In: 18th Annual Computer Security Applications Conference (ACSAC 2002) (2002)
Google Scholar
Strayer, W.T., Jones, C.E., Tchakountio, F., Hain, R.R.: SPIE-IPv6: Single IPv6 Packet Traceback. In: 29th Annual IEEE International Conference on Local Computer Networks, 2004, November 16-18, pp. 118–125 (2004)
Google Scholar
Adler, M.: Tradeoffs in probabilistic packet marking for IP traceback. In: Proceedings of 34th ACM Symposium on Theory of Computing (STOC) (2002)
Google Scholar
Belenky, A., Ansari, N.: On IP traceback. IEEE Communications Magazine 41(7) (July 2003)
Google Scholar
Hong, C.S., Park, P.Y., Jiang, W.: DDoS Attack Defense Architecture Using Statistical Mechanism on Active Network Environment. Applied Cryptography and Network Security, 47–56 (June 2004)
Google Scholar
Westerinen, A., et al.: Terminology for Policy-Based Management, RFC3198, IETF (November 2001)
Google Scholar
http://en.wikipedia.org/wiki/Intrusion-detection_system
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/Firewall_%28networking%29
Deering, S., Hinden, R.: Internet Protocol, Version 6 (IPv6) Specification, RFC 2460, IETF (December 1998)
Google Scholar
Amin, S.O., Kang, M.S., Hong, C.S.: A Lightweight IP Traceback Mechanism on IPv6. In: Zhou, X., Sokolsky, O., Yan, L., Jung, E.-S., Shao, Z., Mu, Y., Lee, D.C., Kim, D.Y., Jeong, Y.-S., Xu, C.-Z. (eds.) EUC Workshops 2006. LNCS, vol. 4097, pp. 671–680. Springer, Heidelberg (2006)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

School of Electronics and Information, Kyung Hee University, 1 Seocheon, Giheung, Yongin, Gyeonggi, 449-701, Korea
Syed Obaid Amin & Choong Seon Hong
Electornics and Telecommunications Research Institute, 161 Gajeong-dong, Yusung-gu, Daejeon, 350-700, Korea
Ki Young Kim

Authors

Syed Obaid Amin
View author publications
You can also search for this author in PubMed Google Scholar
Choong Seon Hong
View author publications
You can also search for this author in PubMed Google Scholar
Ki Young Kim
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Dept. of Information & Communication Engineering, Graduate School, Yeungnam University, 214-1, Dae-Dong, Gyeongsan-Si, 712-749, Gyeongbook, Korea
Young-Tak Kim
NTT West Corporation, 6-2-82 Shimaya, 554-0024, Konohana-ku Osaka, Japan
Makoto Takano

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Amin, S.O., Hong, C.S., Kim, K.Y. (2006). Tracing the True Source of an IPv6 Datagram Using Policy Based Management System. In: Kim, YT., Takano, M. (eds) Management of Convergence Networks and Services. APNOMS 2006. Lecture Notes in Computer Science, vol 4238. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11876601_27

Download citation

DOI: https://doi.org/10.1007/11876601_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-45776-3
Online ISBN: 978-3-540-46233-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics