Title :
A robust packet-filtering method for high-bandwidth aggregates
Author :
Wang, Bao-Tung ; Schulzrinne, Henning
Author_Institution :
Dept. of Comput. Sci., Columbia Univ., New York, NY, USA
Abstract :
We propose a robust approach that integrates the concepts of IP traceback and packet filtering. On one hand, our approach employs an IP traceback technique to identify the paths and the sources of the attack at the victim´s system; on the other, in accordance with the result from the IP traceback, the victim is eligible to request routers close to the attack origins for packet filtering. The reason that our approach is robust is that during the IP traceback process, the victim receives essential information indicating the origins of flooding packets. Most importantly, the information will have been signed by the packet-filtering router itself. The request authentication is indispensable because otherwise an attacker can simply manipulate the packet filtering mechanism to intentionally drop specific IP packets and launch a successful DoS attack.
Keywords :
Internet; message authentication; routing protocols; telecommunication security; telecommunication traffic; DoS attack; IP traceback; attack sources; high-bandwidth aggregates; packet-filtering router signature; path identification; request authentication; robust packet filtering; Aggregates; Computer crime; Computer science; IP networks; Information filtering; Information filters; Internet; Random number generation; Robustness; Telecommunication traffic;
Conference_Titel :
Electrical and Computer Engineering, 2004. Canadian Conference on
Print_ISBN :
0-7803-8253-6
DOI :
10.1109/CCECE.2004.1345261
