Demonstration Experiments Towards Practical IP Traceback on the Internet

Recently, Distributed Denial of Service (DDoS) attacks have become a critical issue on the Internet. Theoretical approaches to traceback systems to counter these attacks have been actively researched. However, with no instances of actual application of traceback systems on the Internet, such a response has yet to achieve widespread adoption. This is because multiple autonomous systems (ASs) need to be linked to carry out end-to-end tracking, and this poses a number of issues, including (i) the operational and practical environmental constraints of installing equipment at a variety of Internet Exchange Points (IXPs), (ii) the need to establish operational procedures, and (iii) establishing the monitoring points needed to conduct the traceback. Given these factors, with the aim of achieving the widespread adoption of traceback systems on the Internet in Japan, in this paper we introduce the challenges posed by installing equipment at multiple ASs and report on tracking experiments conducted in response to simulated attacks. Specifically, in terms of (i) environmental constraints, this involved summarizing the size and access restrictions of installed equipment, and in terms of (ii) establishing operational procedures, this involved summarizing the role of operators from the outbreak of an incident to conducting traces and taking countermeasures. Additionally, we investigated the connection status of ASs in Japan to calculate (iii) the number of ASs in which equipment must be installed to satisfy the adoption rate required to carry out tracking.
