Abstract
The problem of identifying the sources of a denial of service attack is among the hardest in the Internet security area, especially since attackers often use incorrect, or spoofed, source IP addresses. In this paper we present the results from a comparison between some of the most promising traceback techniques proposed to solve this problem. Our goal was to evaluate and analyze the most promising techniques on our way to find a more efficient approach. We have evaluated four different traceback approaches and summarized the results. Our own research was primary targeted at the iTrace approaches while the other approaches were evaluated based on the previous work. We conclude that there are two main disadvantages of the proposed approaches. First, the hop-by-hop path reconstruction is inefficient due to a significant computation overhead, or a long time spent for collecting the samples of the path. Second, the path reconstruction requires changes in the core routing structure that is not profitable. We also suggest a slightly modified version of iTrace approach, which aims at reducing the overhead imposed by such changes.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
S. Lee and C. Shields, “Tracing the Source of Network Attack: A Technical, Legal and Societal Problem”, Proc. of the 2001 Workshop on Information Assurance and Security, June 2001, United States Military Academy, West Point, NY, pp 239–246, http://www.research.att.lists/ietfitrace/2000/09/msg00044.htm
Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, “Practical Network Support for IP Traceback”, Proc. of the ACM SIGCOMM conference, August 2000, Stockholm, Sweden, Computer Communication Review Vol. 30, No 4, October 2000, pp. 295–306, http://www.es.washington.edu/homes/savage/papers/SigcommOO.ps
Dawn X. Song and Adrian Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback”, Proc. of the IEEE infocom conference, april 2001, Anchorage, Alaska, http://paris.cs.berkeley.edu/~perrig/projects/iptraceback/tr-iptrace.pdf
David Moore, Geoffrey M. Voelker and Stefan Savage, “Inferring Internet Denial-of-Service Activity”, Proc of the 10th USENIX Security Symposium, August 2001, Washington D.C., http://www.caida.org/outreach/papers/2001/BackScatter/usenixsecurity01.pdf
Steven M. Bellovin, “ICMP Traceback Messages”, Internet Draft: draft-bellovin-itrace-00.txt, submitted Mar. 2000, expiration date Sep. 2000, http://www.research,att.com/~smb/papers/draft-bellovin-itrace-0 0.txt
S. Felix Wu, Lixia Zhang, Dan Massey, Allison Mankin, “Intention-Driven ICMP Trace-back”, Internet Draft: draft-wu-itrace-intention-00.txt, submission date Feb. 2001, expiration date Aug. 2001, http://www.ietf.org/internet-drafts/draft-ietf-itrace-intention-00.txt
Allison Mankin, Dan Massey, Chien-Long Wu, S. Felix Wu, Lixia Zhang, “On Design and Evaluation of Intention-Driven ICMP Traceback”, Proc. of 10th IEEE International Conference on Computer Communications and Networks, Oct.2001, Scotsdale Arizona, http://irl.cs.ucla.edu/papers/Intention-iTrace.pdf
Alex Snoeren et al., “Hash-Based IP Traceback”, Proc. of the ACM SIGCOMM conference •2001, San Diego, CA, Computer Communication Review Vol. 31, No 4, October 2001, pp. 3–14, http://nms.lcs.mit.edu/~snoeren/papers/spie-sigcomm.pdf
Drew Dean, Matt Franklin, Adam Stubblefield, “An Algebraic Approach to IP Trace-back”, Xerox PARC, Rice University, August 2000, http://www.cs.rice.edu/~astubble/algtrace.pdf
The Network Simulator-ns-2, http://www.isi.edu/nsnam/ns
Vern Paxson, “An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks”, ACM SIGCOMM Computer Communication Review Vol. 31, No 3, July 2001, http://www.acm.org/sigcomm/ccr/archive/2001/jul01/ccr-200107-paxson.pdf
Robert Stone, “CenterTrack: An IP Overlay Network for Tracking DoS Floods”, Proceedings of the 9th USENIX Security Symposium, Aug 2000, http://www.usenix.org/publications/library/proceedings/sec2000/full_papers/stone/stone.pdf
P. Fergusson and D. Seine, “Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing”, RFC2827, May 2000, http://www.ietf.org/rfc/rfc2827.txt
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kuznetsov, V., Sandström, H., Simkin, A. (2002). An Evaluation of Different IP Traceback Approaches. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_4
Download citation
DOI: https://doi.org/10.1007/3-540-36159-6_4
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00164-5
Online ISBN: 978-3-540-36159-6
eBook Packages: Springer Book Archive