论文信息 - Mohonk: mobile honeypots to trace unwanted traffic early

Mohonk: mobile honeypots to trace unwanted traffic early

Honeypots have been traditionally used to advertise dark address space and gather information about originators of traffic to such addresses. With simple thresholding mechanisms this technique has shown itself to be fairly effective in identifying suspicious IP addresses. Honeypots are however unsuitable to locate the precise entry point of unwanted traffic. Tracing back to the origination of such traffic is hard due to the delay and difficulty of maintaining state along the path of such traffic. We propose a novel mobile honeypot mechanism that allows unwanted traffic to be detected significantly closer to the origin. The mobility in our scheme stems from additional information that is made available to the upstream ASes as well as the changes in the set of dark address space advertised. Sharing information with a network of friendly ASes has the potential to identify and significantly lower unwanted traffic on such links.

Balachander Krishnamurthy | B. Krishnamurthy

[1] Sean Convery,et al. An Attack Tree for the Border Gateway Protocol , 2003 .

[2] Ravishanker Chandra,et al. BGP Communities Attribute , 1996, RFC.

[3] Doughan Turk,et al. Configuring BGP to Block Denial-of-Service Attacks , 2004, RFC.

[4] Honeypots,et al. Honeypots Definitions and Value of Honeypots , .

[5] Yakov Rekhter,et al. A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[6] Brian Weis. Secure Origin BGP (soBGP) Certificates , 2006 .

[7] Patrick D. McDaniel,et al. Working around BGP: An Incremental Approach to Improving Security and Accuracy in Interdomain Routing , 2003, NDSS.

[8] Kevin A. Kwiat,et al. Modeling the spread of active worms , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[9] Somesh Jha,et al. Global Intrusion Detection in the DOMINO Overlay System , 2004, NDSS.

[10] Sharad Agarwal. BGP Proxy Community Community , 2004 .