Single-Packet IP Traceback

Single-Packet IP Traceback (2002)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Alex C. Snoeren , Student Member , Luis A. Sanchez , Christine E. Jones , Fabrice Tchakountio , Beverly Schwartz , Craig Partridge , Stephen T. Kent , W. Timothy Strayer , Senior Member

Citations:

133 - 4 self

BibTeX

@MISC{Snoeren02single-packetip,
    author = {Alex C. Snoeren and Student Member and Luis A. Sanchez and Christine E. Jones and Fabrice Tchakountio and Beverly Schwartz and Craig Partridge and Stephen T. Kent and W. Timothy Strayer and Senior Member},
    title = {Single-Packet IP Traceback},
    year = {2002}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, wide-spread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space-efficient (requiring approximately 0.5% of the link capacity per unit time in storage) , and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the system's effectiveness.

Citations

1813	The Art of Computer Programming - Knuth - 1968
1185	Space/time trade-offs in hash coding with allowable errors - Bloom - 1970
675	The MD5 Message-Digest Algorithm - Rivest - 1992
596	Summary cache: A scalable wide-area web cache sharing protocol - Fan, Cao, et al. - 2000
590	Universal classes of hash functions - Carter, Wegman - 1979
462	Network support for IP traceback - Savage, Wetherall, et al. - 2001
444	Internet protocol - Postel - 1981
438	Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ - Ferguson, Senie - 2000
214	Internet control message protocol - Postel - 1981
208	Advanced and authenticated Marking Schemes for IP Traceback - Song, Perrig - 2001
185	Tracing Anonymous Packets to Their Approximate Source - Burch, Cheswick - 2000
176	CenterTrack: An IP Overlay Network for Tracking DoS - Stone - 2000
176	Trajectory sampling for direct traffic observation - Duffield, Grossglauser - 2001
136	Requirements for IP Version 4 Routers - Baker, Ed - 1995
128	An analysis of using reflectors for Distributed Denial of Service attacks - Paxson - 2001
127	Trends in wide area IP traffic patterns: A view from Ames Internet Exchange - McCreary, Claffy - 2000
100	LFSR-based Hashing and Authentication - Krawczyk
96	P.: UMAC: Fast and secure message authentication - Black, Halevi, et al. - 1999
90	ICMP traceback messages - BELLOVIN, LEECH, et al. - 2001
43	Infrastructure for intrusion detection and response - Schnackenberg, Djahandari, et al. - 2000
35	MMH: Software message authentication in the Gbit/second rates - Halevi, Krawczyk - 1997
22	Hardware Support for a Hash-Based IP Traceback - Sanchez, Milliken, et al. - 2001
11	Security fun with OCxmon and cflowd - SAGER - 1998
10	k daffy. "Characteristics of Fragmented IP Traffic on Internet Links - Shannon, Moore - 2001
2	Stop 0A in tcpip.sys when receiving out of band (OOB) data. http://support.microsoft.com/ support/kb/articles/Q143/4/78.asp - CORPORATION
1	End-to-end internet path dynamics - PAXSON - 1999
1	Xiaodong Song and Adrian Perrig, "Advanced and authenticated marking schemes for IP traceback - Dawn - 2001
1	On design and evaluation of "intention-driven" ICMP traceback - Mankin, Massey, et al. - 2001
1	Fouad Tobagi, "Design and deployment of a passive monitoring infrastructure - Fraleigh, Diot, et al. - 2001