Академический Документы
Профессиональный Документы
Культура Документы
,Network Security
and Cyber Law
DDoS Attack
Prevention/Detection Puneeth Reddy H
22.4.3 : IP Traceback C
(1RR16CS052)
IP TRACEBACK
02
be falsified in a strategy called IP address spoofing, and creating
potential internet security and stability problems.
03
approaches to this problem have been tailored toward DoS
attack detection.
THERE ARE TWO PRINCIPAL
APPROACHES TO IP TRACEBACK
01 Probabilistic Packet
Marking
02 Packet Logging
PROBABILISTIC PACKET MARKING
Either the packet keeps track of the routers it has visited or each router keeps
track of the packets passing through it. Solutions under the first approach use
packet marking.
Consider, for a moment that every intermediate router were to append its 32-bit
IP address to each packet it forwards. A packet on the Internet traverses about 10
hops on the average, so an extra40 bytes would be needed to keep track of its
path from source to destination.
The IP header has a 16-bit ID field. This field provides support for packet
fragmentation and re-assembly. Different networks have different restrictions on
the size of the datagrams they can carry.
They may split a datagram into two or more fragments and send each fragment
separately . The router at the destination end has the responsibility for re-
assembling the fragments to create the original packet.
?
Traceback schemes employing PPM use
the ID field to store partial information
on intermediate routers. But, given that
the length of each IP address is 4 bytes,
how can a packet store router address
information in a 16-bit ID field ?
ANS
The answer lies in computing a global fingerprint for each
router - this is, say, 16 or fewer bits of the hash of a
router's IP address.
While packet marking made use of the idea of a router fingerprint, packet logging
makes use of the idea of a packet fingerprint or digest.
This is computed using a well-designed hash function one that distributes the
hash values uniformly across all possible hash inputs.
An interesting feature of packet logging is that it can help track even a single
rogue packet. First , assume that each router stores each packet received by it in
the last 5 minutes.
UPSTREAM
Thank You