A Stateless Traceback Technique to Identify the Origin of Attacks from a Single Packet (original title: Uma Técnica de Rastreamento sem Estado para Identificar a Origem de Ataques a Partir de um Único Pacote)

  • Marcelo D. D. Moreira UFRJ
  • Rafael P. L. Laufer University of California
  • Natalia C. Fernandes UFRJ
  • Otto Carlos M. B. Duarte UFRJ

Abstract


Anonymity is one of the main motivations for conducting denial-of-service attacks. Currently, there is no mechanism either to identify the true source of an IP packet or to prove its authenticity. In this paper we propose a stateless IP traceback technique that identifies the origin network of each individual packet. We show that the proposed traceback system is the only one that scales with the number of attackers while also satisfying practical requirements, such as storing no state at routers and a header overhead (25 bits) that can be allocated in the IPv4 header. The proposed system exploits the customer-provider hierarchy of the Internet at the autonomous system (AS) level and introduces the idea of checkpoints, which are the two most important nodes in an AS-level path. Simulation results using a real-world topology trace show that the proposed system narrows the source of an attack packet down to fewer than two candidate ASes on average. In addition, considering a partial deployment scenario, we show that the proposed system successfully traces more than 90% of the attacks if only 8% of the ASes (i.e., just the core ASes) implement the system. This success rate is considerably better than that of classical hop-by-hop path reconstruction.
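The abstract states only that the scheme's per-packet mark is 25 bits and that this budget can be allocated in the IPv4 header; it does not say which fields carry it. The following Python example is added here for illustration and is not code from the paper. It shows the mechanics any such marking scheme depends on: a router overwriting a fixed set of header bits with a 25-bit value without keeping per-packet state, the victim reading the value back, and the IPv4 header checksum being recomputed so the marked packet is still valid. The field allocation (8-bit TOS byte, 16-bit Identification field, and the reserved flag bit) is an assumption made for this example, as are the sample addresses and the mark value.

```python
import socket
import struct

# Layout of the 25-bit mark inside the 20-byte IPv4 header (RFC 791).
# The page only says the scheme needs 25 header bits that can be allocated
# in the IPv4 header; which fields the paper uses is NOT stated there.
# The allocation below is an ASSUMPTION made for this example:
#   bits 24..17 of the mark -> Type of Service byte    (8 bits)
#   bits 16..1  of the mark -> Identification field    (16 bits)
#   bit  0      of the mark -> reserved flag bit       (1 bit)
MARK_BITS = 25
MARK_MAX = (1 << MARK_BITS) - 1
_HDR = "!BBHHHBBH4s4s"  # ver/ihl, tos, len, id, flags+frag, ttl, proto, csum, src, dst


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), as used by IPv4."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _with_checksum(fields: tuple) -> bytes:
    """Pack the ten header fields with a zero checksum, then fill it in."""
    hdr = struct.pack(_HDR, *fields[:7], 0, *fields[8:])
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_ipv4_header(src: str, dst: str, proto: int = 17,
                      payload_len: int = 0, ttl: int = 64) -> bytes:
    """Minimal unmarked header: IHL=5, TOS=0, ID=0, flags=0 (constructed sample)."""
    fields = ((4 << 4) | 5, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst))
    return _with_checksum(fields)


def set_mark(header: bytes, mark: int) -> bytes:
    """Overwrite the three assumed fields with a 25-bit mark and fix the checksum.

    A marking router would apply this to every packet it forwards; nothing is
    remembered per packet, which is the stateless property the abstract refers to.
    """
    if not 0 <= mark <= MARK_MAX:
        raise ValueError("mark must fit in %d bits" % MARK_BITS)
    if (header[0] & 0x0F) != 5:
        raise ValueError("headers with IP options are not handled in this example")
    f = list(struct.unpack(_HDR, header[:20]))
    f[1] = (mark >> 17) & 0xFF                   # TOS byte
    f[3] = (mark >> 1) & 0xFFFF                  # Identification
    f[4] = (f[4] & 0x7FFF) | ((mark & 1) << 15)  # reserved bit; keep DF/MF/offset
    return _with_checksum(tuple(f)) + header[20:]  # payload passes through


def get_mark(header: bytes) -> int:
    """Recover the 25-bit mark from a (possibly marked) header, as the victim would."""
    f = struct.unpack(_HDR, header[:20])
    return (f[1] << 17) | (f[3] << 1) | (f[4] >> 15)


def checksum_ok(header: bytes) -> bool:
    """Summing a header that includes its own checksum must give zero."""
    return ipv4_checksum(header[:20]) == 0


if __name__ == "__main__":
    # Constructed sample packet using RFC 5737 documentation addresses.
    pkt = build_ipv4_header("192.0.2.10", "198.51.100.20", payload_len=40)
    marked = set_mark(pkt, 0x1ABCDEF)
    print("mark 0x%07X -> recovered 0x%07X, checksum ok: %s"
          % (0x1ABCDEF, get_mark(marked), checksum_ok(marked)))
```

Two practical caveats follow from any allocation of this kind, whichever fields the paper actually chose: overwriting Identification breaks reassembly if the packet is fragmented downstream, and the TOS/DSCP byte is routinely rewritten at domain boundaries, so a mark carried there can be corrupted before it reaches the victim. Note also that 25 bits cannot hold a raw 32-bit AS number, let alone a list of them, so a scheme at this budget must encode the path information rather than carry it verbatim.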

Published: 2010-10-11

MOREIRA, Marcelo D. D.; LAUFER, Rafael P. L.; FERNANDES, Natalia C.; DUARTE, Otto Carlos M. B. Uma Técnica de Rastreamento sem Estado para Identificar a Origem de Ataques a Partir de um Único Pacote. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 10., 2010, Fortaleza. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2010. p. 325-338. DOI: https://doi.org/10.5753/sbseg.2010.20597.
