tecnica de rastreamento
´
Origem de Ataques a Partir de um Unico
Pacote
Marcelo D. D. Moreira1 , Rafael P. Laufer2 ,
Natalia C. Fernandes1 e Otto Carlos M. B. Duarte1
1
GTA/PEE/COPPE, Universidade Federal do Rio de Janeiro
2
University of California at Los Angeles
Abstract. Anonymity is one of the main motivations for conducting denial-ofservice attacks. Currently, there is no mechanism to either identify the true source of an IP packet or to prove its authenticity. In this paper we propose a stateless IP traceback technique that identifies the origin network of each individual packet. We show that the proposed traceback system is the only one that scales with the number of attackers and also satisfies practical requirements, such as no state stored at routers and a header overhead (25 bits) that can be allocated in IPv4 header. The proposed system exploits the customer-provider hierarchy of the Internet at autonomous system (AS) level and introduces the idea of checkpoints, which are the two most important nodes in an AS-level path. Simulation results using a real-world topology trace show that the proposed system narrows the source of an attack packet down to less than two candidate ASes on average. In addition, considering a partial deployment scenario, we show that the proposed system is able to successfully trace more than 90% of the attacks if only 8% of the ASes (i.e., just the core ASes) implement the system.
The achieved success rate is quite better than using the classical hop-by-hop path reconstruction.
Resumo. O anonimato e´ uma das principais motivac¸o˜ es para a realizac¸a˜ o de ataques de negac¸a˜ o de servic¸o. Atualmente, n˜ao existe um mecanismo capaz de identificar a verdadeira origem de um pacote IP nem de provar sua autenticidade. Prop˜oe-se neste trabalho uma t´ecnica de rastreamento sem estado capaz de identificar a rede de origem de cada pacote individualmente. Mostra-se que