BGP Traceback: A New Method for Identifying Attack Paths on the Internet

  • Luis Felipe M. de Moraes UFRJ
  • Denilson Vedoveto Martins UFRJ

Abstract


This paper proposes a new IP Traceback method that uses the Border Gateway Protocol (BGP) to trace the path of an attack on the Internet. To support this functionality, new messages were added to BGP. Because of the problems found in current IP Traceback methods, modifications to the packet marking mechanism are proposed so that only attack packets are marked. To guarantee secure communication between BGP peers, the security mechanisms introduced by the Secure-BGP (S-BGP) proposal will be considered.

Published
2006-08-28
MORAES, Luis Felipe M. de; MARTINS, Denilson Vedoveto. BGP Traceback: Um Novo Método para Identificação de Caminhos de Ataques na Internet. In: BRAZILIAN SYMPOSIUM ON INFORMATION AND COMPUTATIONAL SYSTEMS SECURITY (SBSEG), 6., 2006, Santos. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2006. p. 222-235. DOI: https://doi.org/10.5753/sbseg.2006.20951.