Title :
Detecting offensive routers: a straightforward approach
Author :
Wang, Baa-Tung ; Schulzrinne, Henning
Author_Institution :
Dept. of Comput. Sci., Columbia Univ., New York, NY, USA
Abstract :
Packet dropping attack (PDA) is a network attack that utilizes compromised network elements to degrade network performance or quality by intentionally dropping a certain amount of IP packets. The major distinction of the PDA from traditional denial-of service (DoS) attack is that some victims do not even discern that they are under attack. Offensive router detection (ORD) is a mechanism capable of detecting offensive routers that are performing the PDA. The ORD mechanism is based on the principle of conservation of flow in the network, and employs a new proposed ICMP message, Caddie message, which records packet forwarding information in the Caddie messages. Therefore, after analyzing the information, we can identify routers that are abnormally dropping packets. We show the advantages of the ORD mechanism over other existing network monitoring mechanisms and discusses storage and bandwidth overhead issues. We also demonstrate the advantages and the effectiveness of the approach by simulating the functionality of the ORD mechanism to detect four different packet-dropping patterns.
Keywords :
IP networks; computer crime; message authentication; message passing; packet switching; telecommunication network routing; telecommunication security; IP packets; denial-of service; message authentication; network monitoring mechanism; network performance; offensive router detection; packet dropping attack; Bandwidth; Computational modeling; Computer crime; Computer science; Degradation; IP networks; Information analysis; Monitoring; Personal digital assistants; Web and internet services;
Conference_Titel :
Security Technology, 2003. Proceedings. IEEE 37th Annual 2003 International Carnahan Conference on
Print_ISBN :
0-7803-7882-2
DOI :
10.1109/CCST.2003.1297604
