CIT- 100 Tracking and Tracing Spoofed IP Packets to Their So(7)

As the Internet becomes increasingly important as a business infrastructure, the number of attacks on it, especially denial of service (DoS) attacks grows. A DoS attack is an attempt by a person or a group of persons to cripple an online service. Consequen

College of Information Technology

the network administrator's e-mail address. If we can identify the organization from which the attack originated, the organization can often identify the user who launched the attack.

Basic method of the traceback approach. Forwarding nodes, or tracers, store data from an incoming packet as well as its datalink-level identifier in the packet information area, and they identify the adjacent forwarding node.

ACKNOWLEDGMENT

This work has financially supported by the Research Affairs at the UAE University under a contract no. 03-05-9-11/04.

REFERENCES

[1] S. Savage et. al. "Practical Network Support for IP Traceback," Proc. 2001 ACM SIGCOMM, vol. 30,

no. 4, ACM Press, New York, Aug. 2001, pp. 295-306; available on line at .

[2] S. Bellovin, M. Leech, and T. Tylor, "ICMP Traceback Messages," Internet draft, work in progress, Oct

2001; available online at

[3] R. Stone, "CenterTrack: An IP Overlay Network for Tracking DoS Floods," Proc. 9th Usenix Security

Symposium, Usenix Association, Berkeley, California, Aug 2000; available online at

[4] H.Y. Chang et. al., "DecIdUous: Decentralized Source Identification for Network-Based Intrusions,"

Proc. 6th IFIP/IEEE International Symposium. Integrated Network Management, IEEE Comm. Soc., New York, May 1999, pp. 701-714.

[5] K. Ohta et. al., "Detection, Defense, and Tracking of Internet Wide-Illegal Access in a distributed

Manner," Proc., INET 2000, Internet Society, Reston, VA, July 2000; available online at /inet2000/cdproceddings/1f/1f_2.htm.

[6] CERT, "TCP SYN flooding and IP spoofing attacks," Advisory CA-96.21, September 1996.

[7] Vern Paxson, "An analysis of using reflectors for distributed denial-of-service attacks," Computer

Communication Review, 31(3), 2001.

[8] Mike Kristovich, "Multi-vendor game server DDoS vulnerability," , November 2002.

[9] CERT, "IP spoofing attacks and hijacked terminal connections," Advisory CA-1995-01 , February 2001.

[10] L. Joncheray, "Simple active attack against TCP," , February 2001.

CIT - 106 The Sixth Annual U.A.E. Research Conference