IP traceback is the generic term given to systems that allow the tracing of IP packets back to their originating machine. A common shortcoming shared by existing traceback proposals is that they are able to identify the source network, but not the source host. Our work extends the traceback process by allowing the tracing of frames within the originating network (once this has been identified) to identify the originating host. We extend the SPIE system (which operates at the IP routers) with auditing at the Ethernet switches. The Ethernet traffic visibility issue is resolved with the use of switch port mirroring. The MAC address table is used to establish causality between the source frame address and source switch port. Our work removes the requirement for a specific network topology, as is the case in other known solutions. We provide a prototype implementation and preliminary evaluation of this to establish the efficacy of our proposal.

© 2007 University of Newcastle upon Tyne. Printed and published by the University of Newcastle upon Tyne, Computing Science, Claremont Tower, Claremont Road, Newcastle upon Tyne, NE1 7RU, England.

Bibliographical details

ANDREOU, M. S., VAN MOORSEL, A. IP Traceback in a Switched Ethernet Network [By] M. S. Andreou, A. van Moorsel. Newcastle upon Tyne: University of Newcastle upon Tyne: Computing Science, 2007. (University of Newcastle upon Tyne, Computing Science, Technical Report Series, No. CS-TR-1040)
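The abstract's switch-level auditing, as an added sketch that is not the report's prototype: it shows why the source MAC has to be resolved to a switch port when the mirrored frame is captured rather than when the traceback query is made. The Bloom filter of digests, hashing the port together with the packet, and the names `SwitchAuditor`, `learn`, `audit` and `trace` are assumptions made for illustration; `learn` stands in for the switch updating its MAC address table.

```python
import hashlib

class SwitchAuditor:
    """Stores digests of mirrored frames, bound to the ingress port at capture time."""
    def __init__(self, bits=1 << 16, hashes=3):
        self.bits, self.hashes = bits, hashes
        self.bloom = bytearray(bits // 8)
        self.mac_table = {}  # source MAC -> switch port, as learned by the switch

    def _positions(self, data):
        # k bit positions derived from independent salted hashes of the input.
        for i in range(self.hashes):
            h = hashlib.sha256(bytes([i]) + data).digest()
            yield int.from_bytes(h[:8], "big") % self.bits

    def learn(self, mac, port):
        # Models the switch (re)learning a source address on frame ingress.
        self.mac_table[mac] = port

    def audit(self, src_mac, packet):
        # Resolve the port now: the table entry may move before anyone queries.
        port = self.mac_table.get(src_mac)
        if port is None:
            return None
        for p in self._positions(bytes([port]) + packet):
            self.bloom[p // 8] |= 1 << (p % 8)
        return port

    def trace(self, packet, ports):
        # Candidate ingress ports; false positives are possible, false negatives are not.
        return [port for port in ports
                if all(self.bloom[p // 8] >> (p % 8) & 1
                       for p in self._positions(bytes([port]) + packet))]

def demo():
    sw = SwitchAuditor()
    mac = "00:00:5e:00:53:01"  # constructed address from the documentation range
    sw.learn(mac, 1)           # legitimate host on port 1
    sw.audit(mac, b"benign packet")
    sw.learn(mac, 3)           # a frame carrying the same source MAC arrives on port 3
    sw.audit(mac, b"attack packet")
    sw.learn(mac, 1)           # legitimate host transmits again, entry moves back
    naive = sw.mac_table[mac]  # a query-time lookup would blame port 1
    return sw.trace(b"attack packet", range(1, 9)), naive
```

`demo()` returns the port recorded at capture time alongside the port a later table lookup would report, which differ once the table entry has moved.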