SEMINAR ON IP TRACEBACK SECURITY
Guided by: Miss Ranjita Mishra
Presented by: Deepak Kumar Marndi, Regd No-0801106165
CET, BBSR
CONTENTS
  Introduction
  Overview of Traceback System
  Classification of Traceback Methods
  Technologies for Preventing Network Attacks
  Limitation and Open Issues
  Challenges and Future Works
  Conclusion
  References
INTRODUCTION
  DoS (denial of service)
  DDoS (distributed denial of service)
  Spoofed IP address
  IP traceback: to identify the address of the true source of the packets causing a DoS.
  [Fig: A scenario of a DoS attack]
OVERVIEW OF TRACEBACK SYSTEM
  Able to trace the attacker with a single packet.
  Minimal processing overhead.
  Very low level of ISP involvement.
  A high level of protection is preferred in a traceback system.
  Producing meaningful traces is limited to the range of deployment of the traceback system.
CLASSIFICATION (Contd.)
• Ingress Filtering
  Configure routers to block packets that arrive with illegitimate source addresses.
  Examine the source address to distinguish between legitimate and illegitimate addresses.
  Most feasible in customer networks or at the border of ISPs.
  [Fig: Ingress filtering]
CLASSIFICATION (Contd.)
• Link Testing
  Starts from the router closest to the victim.
  Determines which link carries the attacker's traffic.
  It is divided into two types:
    Input debugging.
    Controlled flooding.
  Disadvantages:
    Consumes a huge amount of resources.
    Causes denial of service when the number of sources needs to be increased.
CLASSIFICATION (Contd.)
• Logging
  Logs packets at key routers.
  Determines the attacker's path based on the packets traversing those routers.
  Drawback:
    Enormous resource requirements.
CLASSIFICATION (Contd.)
• ICMP Traceback
  Traces out the full path of the attack.
  Generates an iTrace at every router, directed to the same destination as the selected packet.
  The ICMP message contains part of a traversing packet and is sent to the packet's destination.
  [Fig: ICMP traceback mechanism]
CLASSIFICATION (Contd.)
• Packet Marking Algorithm
  In this algorithm, when a router forwards a packet it also inserts a mark in the packet, which is a unique identifier of that particular router.
  The victim can determine all the intermediate hops for each packet by observing the inserted marks.
  This makes the reconstruction of the attack path at the victim trivial.
  It is divided into two marking schemes:
    Deterministic Packet Marking (DPM) scheme.
    Probabilistic Packet Marking (PPM) scheme.
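The following simulation is an added example, not part of the original slides. It goes beyond the slide by assuming a simplified node-sampling form of probabilistic packet marking: one mark field, overwritten by each router with probability p, so the victim orders routers by how often their mark survives. The router names R1 to R4, the value p = 0.2 and the packet count are constructed for illustration.

```python
import random
from collections import Counter

# Constructed attack path, attacker side first; R4 is the router nearest the victim.
PATH = ["R1", "R2", "R3", "R4"]

def forward(path, p, rng):
    """Carry one packet along path; each router overwrites the single
    mark field with its own identifier with probability p."""
    mark = None  # None: no router on the path marked this packet
    for router in path:
        if rng.random() < p:
            mark = router
    return mark

def collect_marks(path, p, n_packets, seed=0):
    """Victim side: tally the mark seen in each received packet."""
    rng = random.Random(seed)
    return Counter(forward(path, p, rng) for _ in range(n_packets))

def expected_share(p, hops_from_victim):
    """Chance a packet arrives carrying the mark of the router that is
    hops_from_victim hops upstream: marked there, not overwritten after."""
    return p * (1 - p) ** hops_from_victim

def reconstruct(marks):
    """Order routers nearest-victim first by falling mark count."""
    return [r for r, _ in marks.most_common() if r is not None]

if __name__ == "__main__":
    marks = collect_marks(PATH, p=0.2, n_packets=20000, seed=1)
    # Columns: router, observed mark count, expected mark count.
    for hops, router in enumerate(reconstruct(marks)):
        print(router, marks[router], round(expected_share(0.2, hops) * 20000))
```

Routers far from the victim are rarely seen because their marks are usually overwritten downstream, which is why schemes of this kind need many packets before the far end of the path can be ordered reliably.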
CLASSIFICATION (Contd.)
• FDPM Traceback
  It is the optimized version of DPM.
  It utilizes various bits (called marks) in the IP header, which has a flexible length depending on the network protocol used to mark packets.
  When an IP packet enters the protected network, it is marked by the interface close to the source of the packet.
  The path can be reconstructed as in DPM to identify the source of the attack if one is detected.
CLASSIFICATION (Contd.)
• Advantages
  The number of packets required is comparatively less.
  Better tracing capability.
  It has different probabilities that a router marks the attack packets.
CLASSIFICATION (Contd.)
• TBPM Method
  It is based on the Bloom filter, which utilizes the router's local topology information.
  It helps to design a single-packet IP traceback system that need not be fully deployed in the entire network.
  Topology Based Packet Marking (TBPM) is a new approach among anti-IP-spoofing techniques.
  TBPM techniques are compatible with both IPv4 and IPv6, unlike present packet marking techniques, which cannot be effectively implemented in IPv6 networks.
LIMITATION AND OPEN ISSUES
  Tracing beyond corporate firewalls is a problem.
  To accomplish IP traceback, we need to reach the host where the attack originated.
  When tracing packets through firewalls into corporate intranets, the last-traced IP address might be the firewall's address.
CHALLENGES AND FUTURE WORK
  Identifying the indirect sources of reflector-based DDoS attacks.
  Identifying the attacker who conceals himself/herself with stepping stones.
  Integrating defensive measures with traceback so that one mechanism may perform tracing as well as detection and/or defense.
  Automatic traceback to speed up tracing and reduce human intervention.
CONCLUSION
  One conclusion we can draw from this is that unless IP traceback measures are deployed all over the Internet, they are effective only for controlled networks rather than for the Internet.
  Today we can find many tools for doing DoS attacks.
  DoS attacks have become very popular.
  Hence we need to design proper mechanisms to protect systems from such attacks.