DocumentCode
449556
Title
Vulnerability analysis of IP traceback schemes
Author
Cai, Lin ; Pan, Jianping ; Shen, Sherman X.
Author_Institution
Victoria Univ., BC, Canada
Volume
3
fYear
2005
fDate
28 Nov.-2 Dec. 2005
Abstract
Distributed denial-of-service attacks pose a serious threat to today's Internet. To counter these attacks, many IP traceback schemes have been proposed; among them, distance-indexed probabilistic packet marking and its variants are attractive due to their stateless, low-overhead and incrementally-deployable design. However, some schemes may become vulnerable in practice, and the implication is yet to be quantified. In this paper, we first reveal these vulnerabilities. Sustained by efficacy analysis and numerical results, we then design several exploits that allow attackers to take full advantage of these vulnerabilities. We also examine the causes of these vulnerabilities as well as possible remedies, and discuss the distance-related buffer overflow in the context of network protocols.
Keywords
IP networks; Internet; numerical analysis; protocols; IP traceback schemes; Internet; distance-indexed probabilistic packet marking; distance-related buffer overflow; distributed denial-of-service attacks; network protocols; vulnerability analysis; Buffer overflow; Computer crime; Counting circuits; Data structures; Protocols; TCPIP; Web and internet services;
fLanguage
English
Publisher
ieee
Conference_Titel
Global Telecommunications Conference, 2005. GLOBECOM '05. IEEE
Print_ISBN
0-7803-9414-3
Type
conf
DOI
10.1109/GLOCOM.2005.1577960
Filename
1577960