Authenticated autonomous system traceback

18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004. Pub Date : 2004-03-29 DOI:10.1109/AINA.2004.1283944

V. Paruchuri, A. Durresi, R. Kannan, S. Iyengar

{"title":"Authenticated autonomous system traceback","authors":"V. Paruchuri, A. Durresi, R. Kannan, S. Iyengar","doi":"10.1109/AINA.2004.1283944","DOIUrl":null,"url":null,"abstract":"The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet making the defense against distributed denial of service attacks one of the hardest problems on the Internet today. Previous solutions for this problem try to traceback to the exact origin of the attack by requiring every router's participation. For many reasons this requirement is impractical and the victim ends up with an approximate location of the attacker. Reconstruction of the whole path is also very difficult owing to the sheer size of the Internet. This paper presents lightweight schemes for tracing back to the attack-originating AS instead to the exact origin itself. Once the attack-originating AS is determined, all further routers in the path to the attacker are within that AS and under the control of a single entity; which can presumably monitor local traffic in a more direct way than a generalized, Internet scale, packet marking scheme can. We also provide a scheme to prevent compromised routers from forging markings.","PeriodicalId":186142,"journal":{"name":"18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004.","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-03-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AINA.2004.1283944","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 29

Abstract

The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet making the defense against distributed denial of service attacks one of the hardest problems on the Internet today. Previous solutions for this problem try to traceback to the exact origin of the attack by requiring every router's participation. For many reasons this requirement is impractical and the victim ends up with an approximate location of the attacker. Reconstruction of the whole path is also very difficult owing to the sheer size of the Internet. This paper presents lightweight schemes for tracing back to the attack-originating AS instead to the exact origin itself. Once the attack-originating AS is determined, all further routers in the path to the attacker are within that AS and under the control of a single entity; which can presumably monitor local traffic in a more direct way than a generalized, Internet scale, packet marking scheme can. We also provide a scheme to prevent compromised routers from forging markings.

查看原文本刊更多论文

经过身份验证的自治系统回溯

IP协议的设计使得可靠地识别IP数据包的发起者变得困难，这使得防御分布式拒绝服务攻击成为当今Internet上最难的问题之一。以前针对这个问题的解决方案试图通过要求每个路由器的参与来追溯攻击的确切起源。由于许多原因，这个要求是不切实际的，受害者最终会得到攻击者的大致位置。由于互联网的庞大规模，整个路径的重建也非常困难。本文提出了一种轻量级的方案，用于跟踪攻击起源的AS，而不是精确的起源本身。一旦确定了发起攻击的自治系统，到达攻击者的路径上的所有路由器都在该自治系统内，并受单个实体的控制;它可以比通用的、互联网规模的分组标记方案更直接地监控本地流量。我们还提供了一种方案来防止受损路由器伪造标记。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004.

自引率

0.00%

发文量