Passive IP Traceback: Disclosing the Locations of IP Spoofers from Path Backscatter

Authors

  • Sudhakar M, Department of Computer Science and Engineering, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India
  • Vimal K, Department of Computer Science and Engineering, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India
  • Siva Subramanian, Department of Computer Science and Engineering, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India

Keywords:

Spoofing, Path Back Scatter, PIT

Abstract

It has long been known that attackers may use forged source IP addresses to conceal their real locations. To capture the attackers, a number of IP traceback mechanisms have been proposed. However, due to the challenges of deployment, no IP traceback solution has been widely adopted, at least at the Internet level. As a result, the mist over the locations of hackers has never been dissipated. This paper proposes passive IP traceback (PIT), which bypasses the deployment difficulties of IP traceback techniques. PIT investigates Internet Control Message Protocol (ICMP) error messages (named path backscatter) triggered by spoofing traffic, and tracks the hackers based on publicly available information (e.g., topology). In this way, PIT can find the attackers without any deployment requirement. This paper illustrates the causes, collection, and statistical results of path backscatter, demonstrates the processes and effectiveness of PIT, and shows the captured locations of hackers obtained by applying PIT to the path backscatter data set. These results can help further reveal IP spoofing, which has long been studied but never well understood. Though PIT cannot work in all spoofing attacks, it may be the most useful mechanism for tracing hackers until an Internet-level traceback system is actually deployed.
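As an added illustration (not code from the paper), the sketch below parses an ICMP error message as a collector at the spoofed address would receive it, and recovers the reporting router, the spoofed source and the victim from the quoted header. Treating ICMP types 3 and 11 as path backscatter, the function names, and the documentation-range addresses in the constructed sample are assumptions of this example.

```python
import ipaddress
import struct

# ICMP error types that quote the offending datagram (RFC 792). Treating
# exactly these two as path backscatter is an assumption of this example.
ERROR_TYPES = {3: "destination unreachable", 11: "time exceeded"}

def build_ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def parse_path_backscatter(packet):
    """Return a record for an ICMP error quoting an IPv4 header, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # Need outer header, 8-byte ICMP header, and a 20-byte quoted IPv4 header.
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    icmp_type = packet[ihl]
    quoted = packet[ihl + 8:]
    if icmp_type not in ERROR_TYPES or quoted[0] >> 4 != 4:
        return None
    return {
        "reporting_router": str(ipaddress.IPv4Address(packet[12:16])),
        "reason": ERROR_TYPES[icmp_type],
        "spoofed_source": str(ipaddress.IPv4Address(quoted[12:16])),
        "victim": str(ipaddress.IPv4Address(quoted[16:20])),
    }

def routers_by_victim(packets):
    """Group reporting routers per victim: hops seen on spoofer-to-victim paths."""
    seen = {}
    for pkt in packets:
        rec = parse_path_backscatter(pkt)
        if rec:
            seen.setdefault(rec["victim"], set()).add(rec["reporting_router"])
    return {victim: sorted(routers) for victim, routers in seen.items()}

def sample_backscatter():
    """Constructed sample: router 192.0.2.1 reports a TTL expiry to the spoofed address."""
    spoofed = build_ipv4("198.51.100.7", "203.0.113.9", 17, b"\x00" * 8, ttl=1)
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + spoofed  # type 11, code 0
    return build_ipv4("192.0.2.1", "198.51.100.7", 1, icmp)
```

The reporting routers collected per victim are the input that a topology-based tracing step, as the abstract describes, would then work from.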

Published

2016-04-30

Section

Research Articles

How to Cite

[1]
Sudhakar M, Vimal K, Siva Subramanian, "Passive IP Traceback: Disclosing the Locations of IP Spoofers from Path Backscatter," International Journal of Scientific Research in Science and Technology (IJSRST), Online ISSN: 2395-602X, Print ISSN: 2395-6011, Volume 2, Issue 2, pp. 100-104, March-April 2016.