Vulnerabilities in distance-indexed IP traceback schemes

Authors:
Jianping Pan;Lin Cai;Xuemin Sherman Shen
Affiliations:
Department of Computer Science, University of Victoria, Victoria, BC, Canada.;Department of Electrical and Computer Engineering, University of Victoria, Victoria, BC, Canada.;Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario, Canada
Venue:
International Journal of Security and Networks
Year:
2007

Citing 15
Cited 3

Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Using router stamping to identify the source of IP packets

Proceedings of the 7th ACM conference on Computer and communications security
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback

IEEE/ACM Transactions on Networking (TON)
An algebraic approach to IP traceback

ACM Transactions on Information and System Security (TISSEC)
Tradeoffs in probabilistic packet marking for IP traceback

STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Efficient packet marking for large-scale IP traceback

Proceedings of the 9th ACM conference on Computer and communications security
Single-packet IP traceback

IEEE/ACM Transactions on Networking (TON)
An Evaluation of Different IP Traceback Approaches

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Adjusted Probabilistic Packet Marking for IP Traceback

NETWORKING '02 Proceedings of the Second International IFIP-TC6 Networking Conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; and Mobile and Wireless Communications
GOSSIB vs. IP Traceback Rumors

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Pi: A Path Identification Mechanism to Defend against DDoS Attacks

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
On the Issues of IP Traceback for IPv6 and Mobile IPv6

ISCC '03 Proceedings of the Eighth IEEE International Symposium on Computers and Communications
An IP Traceback Technique against Denial-of-Service Attacks

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Tracing cyber attacks from the practical perspective

IEEE Communications Magazine

Wireless telemedicine and m-health: technologies, applications and research issues

International Journal of Sensor Networks
The effect of leaders on the consistency of group behaviour

International Journal of Sensor Networks
A survey of cyber crimes

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In order to counter Denial-of-Service (DoS) attacks using spoofed source addresses, many IP traceback schemes have been proposed in the last few years. Among them, distance-indexed probabilistic packet marking schemes appear to be very attractive. In this paper, we first discover two intrinsic vulnerabilities in these schemes. Substantiated by efficacy analysis and numerical results, several exploits are designed to take advantage of these vulnerabilities in an efficient manner when compared with the traceback effort attempted by victims. Consequently, we show that the design goal of these schemes can be compromised in practice. Further, we discuss these vulnerabilities in a general context relevant to network protocols and examine a few possible alternatives.