Title :
Vulnerability analysis of IP traceback schemes
Author :
Cai, Lin ; Pan, Jianping ; Shen, Sherman X.
Author_Institution :
Victoria Univ., BC, Canada
Date :
28 Nov.-2 Dec. 2005
Abstract :
Distributed denial-of-service attacks pose a serious threat to today's Internet. To counter these attacks, many IP traceback schemes have been proposed; among them, distance-indexed probabilistic packet marking and its variants are attractive due to their stateless, low-overhead and incrementally-deployable design. However, some schemes may become vulnerable in practice, and the implication is yet to be quantified. In this paper, we first reveal these vulnerabilities. Sustained by efficacy analysis and numerical results, we then design several exploits that allow attackers to take full advantage of these vulnerabilities. We also examine the causes of these vulnerabilities as well as possible remedies, and discuss the distance-related buffer overflow in the context of network protocols.
Keywords :
IP networks; Internet; numerical analysis; protocols; IP traceback schemes; Internet; distance-indexed probabilistic packet marking; distance-related buffer overflow; distributed denial-of-service attacks; network protocols; vulnerability analysis; Buffer overflow; Computer crime; Counting circuits; Data structures; Protocols; TCPIP; Web and internet services
Conference_Title :
Global Telecommunications Conference, 2005. GLOBECOM '05. IEEE
Print_ISBN :
0-7803-9414-3
DOI :
10.1109/GLOCOM.2005.1577960