Efficient Packet Tracing on the Internet (Rastreamento Eficiente de Pacotes na Internet)

  • Egon Hilgenstieler UFPR
  • Elias P. Duarte Jr. UFPR
  • Keiko Verônica Ono Fonseca UTFPR

Abstract


This work presents a strategy for determining the source of, and the route traversed by, a packet received from the Internet. The Internet architecture does not provide this functionality, which can be used, for instance, after an attack is detected to determine its origin. Separate traffic logs are kept for each router interface; the logs are stored efficiently in Bloom filters. Communication among the system components preserves the confidentiality of the packet's information. A dynamic log paging strategy is also defined. The architecture was implemented, and experimental results are presented.

Published
2006-08-28
HILGENSTIELER, Egon; DUARTE JR., Elias P.; FONSECA, Keiko Verônica Ono. Rastreamento Eficiente de Pacotes na Internet. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 6., 2006, Santos. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2006. p. 124-137. DOI: https://doi.org/10.5753/sbseg.2006.20944.
