NS-2 Based IP Traceback Simulation Against Reflector Based DDoS Attack

Reflector attack belongs to one of the most serious types of Distributed Denial-of-Service (DDoS) attacks, which can hardly be traced by traceback techniques, since the marked information written by any routers between the attacker and the reflectors will be lost in the replied packets from the reflectors. In response to such attacks, advanced IP traceback technology must be suggested. This study proposed a NS-2 based traceback system for simulating iTrace technique that identifies DDoS traffics with multi-hop iTrace mechanism based on TTL information at reflector for malicious reflector source trace. According to the result of simulation, the proposed technique reduced network load and improved filter/traceback performance on distributed reflector attacks.

[1]  Vern Paxson,et al.  An analysis of using reflectors for distributed denial-of-service attacks , 2001, CCRV.

[2]  Lee Garber,et al.  Denial-of-Service Attacks Rip the Internet , 2000, Computer.

[3]  Heejo Lee,et al.  On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[4]  Hyung-Jong Kim,et al.  Vulnerability Modeling and Simulation for DNS Intrusion Tolerance System Construction , 2004, AIS.

[5]  Nirwan Ansari,et al.  On IP traceback , 2003, IEEE Commun. Mag..

[6]  Kang G. Shin,et al.  Hop-count filtering: an effective defense against spoofed DDoS traffic , 2003, CCS '03.

[7]  Eve Sprunt Speaking Up (September 2000) , 2000 .

[8]  John S. Heidemann,et al.  A framework for classifying denial of service attacks , 2003, SIGCOMM '03.

[9]  Shigeyuki Matsuda,et al.  Tracing Network Attacks to Their Sources , 2002, IEEE Internet Comput..

[10]  Rocky K. C. Chang,et al.  Defending against flooding-based distributed denial-of-service attacks: a tutorial , 2002, IEEE Commun. Mag..

[11]  J. Elliott,et al.  Distributed denial of service attacks and the zombie ant effect , 2000 .

[12]  Steven M. Bellovin,et al.  ICMP Traceback Messages , 2003 .

[13]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).