论文信息 - Subliminal Traceroute in TCP/IP

Subliminal Traceroute in TCP/IP

We introduce a technique for tracing a class of “man in the middle” TCP spoofing attacks. The technique works by embedding a traceroute-like mechanism, which we call subliminal traceroute (ST), in the acknowledgment stream of an active TCP connection. We consider the design considerations of ST and show that the attacker can take an active role to defeat our method. We conclude by suggesting future work on ST that may make it more difficult to defeat.

Eugene H. Spafford | Thomas E. Daniels

[1] Nei Kato,et al. Towards trapping wily intruders in the large , 2000, Recent Advances in Intrusion Detection.

[2] Robert Morris. A Weakness in the 4.2BSD Unix† TCP/IP Software , 1999 .

[3] Jeff Rowe. Intrusion Detection and Isolation Protocol: Automated Response to Attacks , 1999, Recent Advances in Intrusion Detection.

[4] S. M. Bellovin,et al. Security problems in the TCP/IP protocol suite , 1989, CCRV.

[5] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..