Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Defense against spoofed IP traffic using hop-count filtering
IEEE/ACM Transactions on Networking (TON)
Mapping and visualizing the internet
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Constrained mirror placement on the Internet
IEEE Journal on Selected Areas in Communications
Computers & Mathematics with Applications
FireCol: a collaborative protection network for the detection of flooding DDoS attacks
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
This paper provide the way of finding the legitimacy of a packet by analyzing the number of hops that packet gone through before reaching at the destination. Problem with IP packet is that the contents of the packet can be changed easily. This is called IP spoofing, which is being very much used in Distributed Denial-of-Service (DDoS) attacks. they are very hard to detect, there is no comprehensive solution. But attacker cannot control hop count. Since after sending the packet, he can not tamper TTL field, which is modified by every hop. By generating an IP to Hop-Count mapping table and inspecting it, spoofed packets can be identified. It is called HCF (Hop Count Filter). It is used to classify legitimate and spoofed packets with little collateral damage. HCF causes delay in critical path of packet processing in the kernel because of enormous IP2HC mapping table. This overhead is reduced by identifying the attackers in learning state and then drop spoofed packets in filtering state. It is implemented in the Linux kernel so as to reduce the CPU overhead in terms of interrupts which saves the resources.