DocumentCode
407654
Title
Authenticated autonomous system traceback
Author
Paruchuri, Vamsi ; Durresi, Arjan ; Kannan, Rajgopal ; Iyengar, S. Sitharama
Author_Institution
Dept. of Comput. Sci., Louisiana State Univ., Baton Rouge, LA, USA
Volume
1
fYear
2004
fDate
2004
Firstpage
406
Abstract
The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet, making the defense against distributed denial of service attacks one of the hardest problems on the Internet today. Previous solutions for this problem try to trace back to the exact origin of the attack by requiring every router's participation. For many reasons this requirement is impractical and the victim ends up with an approximate location of the attacker. Reconstruction of the whole path is also very difficult owing to the sheer size of the Internet. This paper presents lightweight schemes for tracing back to the attack-originating AS instead of to the exact origin itself. Once the attack-originating AS is determined, all further routers in the path to the attacker are within that AS and under the control of a single entity, which can presumably monitor local traffic in a more direct way than a generalized, Internet-scale packet marking scheme can. We also provide a scheme to prevent compromised routers from forging markings.
Keywords
Internet; authorisation; message authentication; packet switching; routing protocols; telecommunication security; transport protocols; IP packet; IP protocol; Internet; authentication; autonomous system traceback; distributed denial-of-service; network security; packet marking; service attacks; traffic monitoring; Communication system traffic control; Computer crime; IP networks; Monitoring; Protocols; Web and internet services;
fLanguage
English
Publisher
ieee
Conference_Titel
Advanced Information Networking and Applications, 2004. AINA 2004. 18th International Conference on
Print_ISBN
0-7695-2051-0
Type
conf
DOI
10.1109/AINA.2004.1283944
Filename
1283944