Tagged Fragment Marking Scheme with Distance-Weighted Sampling for a Fast IP Traceback

  • Conference paper
Web Technologies and Applications (APWeb 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2642)

Abstract

An IP traceback technique allows a victim to trace the routing path that an attacker has followed to reach the victim’s system. It has the effect of deterring future attackers as well as capturing the current one. FMS (Fragment Marking Scheme) is an efficient implementation of IP traceback. Every router participating in FMS leaves its IP information on the packets passing through it, partially and with some probability. The victim can then collect the packets and analyze them to reconstruct the attack path. FMS and similar schemes, however, suffer from a long convergence time to build the path when the attack path is lengthy. They also suffer from a combinatorial explosion problem when there are multiple attack paths. This paper suggests techniques to restrain the convergence time and the combinatorial explosion. The convergence time is reduced considerably by ensuring, through a distance-weighted sampling technique, that all routers have a close-to-equal chance of sending their IP fragments. The combinatorial explosion is avoided by tagging each IP fragment with the corresponding router’s hashed identifier.
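The convergence argument in the abstract, worked through as an added example (not code from the paper): with a fixed marking probability p, later routers overwrite earlier marks, so the router farthest from the victim is seen least often. The 1/i weighting used here is an assumed way to equalize the chances, not necessarily the paper's exact scheme; `K_FRAGMENTS`, the path length, and the premise that each router knows its hop index i are likewise illustrative assumptions.

```python
import math

K_FRAGMENTS = 8  # assumed fragments per router address (not from the page)

def arrival_fixed(path_len, p):
    """P(packet reaches the victim carrying router i's mark), i = 1 nearest the attacker.

    Router i marks with probability p; routers i+1..path_len must not overwrite it.
    """
    return [p * (1 - p) ** (path_len - i) for i in range(1, path_len + 1)]

def arrival_weighted(path_len):
    """Same quantity when the router at hop i marks with probability 1/i (assumed weighting)."""
    probs = []
    for i in range(1, path_len + 1):
        survive = math.prod(1 - 1 / j for j in range(i + 1, path_len + 1))
        probs.append((1 / i) * survive)  # telescopes to 1/path_len for every i
    return probs

def expected_packets_bound(arrival, k=K_FRAGMENTS):
    """Coupon-collector upper bound on packets needed to see every fragment of every router.

    Each router's mark carries one of its k fragments uniformly at random; the bound
    treats all fragments as being as rare as the rarest one.
    """
    coupons = k * len(arrival)
    rarest = min(arrival) / k
    harmonic = sum(1 / n for n in range(1, coupons + 1))
    return harmonic / rarest

if __name__ == "__main__":
    D, p = 25, 0.04  # constructed example: 25-hop path, fixed p = 1/25
    fixed, weighted = arrival_fixed(D, p), arrival_weighted(D)
    print(f"fixed p:  farthest router {fixed[0]:.4f}, nearest router {fixed[-1]:.4f}")
    print(f"weighted: farthest router {weighted[0]:.4f}, nearest router {weighted[-1]:.4f}")
    print(f"packet bound, fixed p:  {expected_packets_bound(fixed):.0f}")
    print(f"packet bound, weighted: {expected_packets_bound(weighted):.0f}")
```

Under the fixed probability the bound is driven by the farthest router, which is why long paths converge slowly; with equalized arrival probabilities no single router dominates the collection time.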

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, K.C., Hwang, J.S., Kim, B.Y., Kim, SD. (2003). Tagged Fragment Marking Scheme with Distance-Weighted Sampling for a Fast IP Traceback. In: Zhou, X., Orlowska, M.E., Zhang, Y. (eds) Web Technologies and Applications. APWeb 2003. Lecture Notes in Computer Science, vol 2642. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36901-5_45

  • DOI: https://doi.org/10.1007/3-540-36901-5_45

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-02354-8

  • Online ISBN: 978-3-540-36901-1

  • eBook Packages: Springer Book Archive
