BGP Traceback: A New Method for Identifying Attack Paths on the Internet

  • Luis Felipe M. de Moraes UFRJ
  • Denilson Vedoveto Martins UFRJ

Abstract


This paper proposes a new IP Traceback method that uses the Border Gateway Protocol (BGP) to trace the path of an attack on the Internet. To enable this functionality, new messages were added to BGP. Because of the problems found in current IP Traceback methods, changes to the packet-marking mechanism are proposed, allowing only packets that belong to attacks to be selected. To ensure secure communication between BGP entities, the use of the security mechanisms introduced by the Secure-BGP (S-BGP) proposal will be considered.

Published
28/08/2006
MORAES, Luis Felipe M. de; MARTINS, Denilson Vedoveto. BGP Traceback: Um Novo Método para Identificação de Caminhos de Ataques na Internet. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 6., 2006, Santos. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2006. p. 222-235. DOI: https://doi.org/10.5753/sbseg.2006.20951.