IP TRACEBACK FOR DENIAL OF SERVICE ATTACK PREVENTION
Dr. Heejo Lee
POSTECH and Purdue University
August 30, 2PM
Effective mitigation of denial of service (DoS) attacks is a pressing problem on the Internet. In many instances, DoS attacks can be prevented if the spoofed source IP address is traced back to its origin, which allows assigning penalties to the offending party or isolating the compromised hosts and domains. In this talk, two IP traceback mechanisms will be presented and analyzed in various aspects of their effectiveness under DoS attacks.

The first method is based on probabilistic packet marking (PPM), in which each router probabilistically inscribes its local path information onto a traversing packet using constant space, i.e., the same marking field is reused or overwritten. If the attack volume is sufficiently large, the attacker's location can be identified at the victim by inspecting the marking values of the received packets, which corresponds to "sampling" of the attack path. Although maximally efficient, PPM is intrinsically vulnerable to forging of the marking field in the IP header, which can impede traceback. We show that the attacker's ability to hide his location is a function of the marking probability, attack volume, and network topology, and is effectively curtailed in Internet-based WAN environments.

The second method is based on filtering of spoofed packets using routing information among autonomous systems (AS). We propose a dynamic packet filtering mechanism running with filtering tables constructed from AS connectivity and routing policies, in particular, those affected by BGP. By using the connectivity and routing information, the range of spoofable addresses can be significantly reduced, and spoofed IP flows discarded before they can wreak havoc on the network system.
Heejo Lee is a postdoc at the Network Systems Lab and affiliated with CERIAS. This is joint work with Kihong Park.
A technical report describing PPM can be found at http://www.cs.purdue.edu/nsl/ppm-tech.ps.
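
The path "sampling" and mark-forging trade-off described in the abstract can be seen in a small simulation. This is an added example, not code from the talk or the technical report. It assumes a simplified model in which each router on a single attack path overwrites one marking field with its own identifier with probability p; the router names, path length and packet counts are constructed.

```python
import random
from collections import Counter

FORGED = "forged"  # constructed label for a mark pre-loaded by the attacker

def send_packet(path, p, rng):
    """Return the mark the victim sees for one packet.

    path lists router ids from the attacker's side to the victim's side.
    Each router overwrites the single marking field with probability p.
    """
    mark = FORGED  # the attacker fills the field with a bogus value
    for router in path:
        if rng.random() < p:
            mark = router
    return mark

def expected_fraction(path, p):
    """Closed-form mark distribution at the victim for this simplified model."""
    d = len(path)
    dist = {r: p * (1 - p) ** (d - 1 - i) for i, r in enumerate(path)}
    dist[FORGED] = (1 - p) ** d  # no router on the path overwrote the field
    return dist

def sample_marks(path, p, n_packets, seed=1):
    """Victim-side tally of marks over n_packets attack packets."""
    rng = random.Random(seed)
    return Counter(send_packet(path, p, rng) for _ in range(n_packets))

def reconstruct_path(counts):
    """Order routers by mark frequency: the rarest mark is farthest from the victim."""
    routers = [m for m in counts if m != FORGED]
    return sorted(routers, key=lambda r: counts[r])

if __name__ == "__main__":
    path = [f"R{i}" for i in range(1, 11)]  # constructed 10-hop path
    n = 50_000
    for p in (0.04, 0.2):
        counts = sample_marks(path, p, n)
        exp = expected_fraction(path, p)
        print(f"p={p}: forged marks seen {counts[FORGED] / n:.3f}, "
              f"expected {exp[FORGED]:.3f}")
        print("  reconstructed order:", reconstruct_path(counts))
```

A small p leaves most packets carrying the forged mark and needs more attack volume before the frequency ordering is reliable; a larger p suppresses forged marks but makes marks from routers far from the victim rarer.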
The Network Systems Colloquium is sponsored by the Network Systems Lab at Purdue University. For further information, please contact Kihong Park (email@example.com or 765-494-7821).