Uma Arquitetura para Rastreamento de Pacotes na Internet

  • Egon Hilgenstieler UFPR
  • Elias P. Duarte Jr. UFPR

Abstract


After identifying an attack on a connected network, it is important to be able to identify the origin of the attacker. However, the Internet's architecture does not allow the source of an IP packet to be reliably discovered. This work presents an architecture that maintains network traffic logs using a space-efficient structure called a Bloom filter. Through appropriate extraction techniques, it is possible to identify the packet's source. Unlike previously proposed techniques, the complete path the packet has taken is determined, with lower storage requirements. A small, configurable false positive rate is allowed.

Published
2004-05-10
HILGENSTIELER, Egon; DUARTE JR., Elias P. Uma Arquitetura para Rastreamento de Pacotes na Internet. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 4., 2004, Gramado. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2004. p. 220-231. DOI: https://doi.org/10.5753/sbseg.2004.21240.
