Title :
GOSSIB vs. IP traceback rumors
Author :
Waldvogel, Marcel
Author_Institution :
Zurich Res. Lab., IBM Res., Zurich, Switzerland
Abstract :
To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. We introduce a new concept, namely Groups Of Strongly SImilar Birthdays (GOSSIB), that can be used by to obtain effects similar to a successful birthday attack on PPM schemes. The original and most widely known IP traceback mechanism, compressed edge fragment sampling (CEFS), was developed by Savage et al. (2000). We analyze the effects of an attacker using GOSSIB against CEFS and show that the attacker can seed misinformation much more efficiently than the network is able to contribute real traceback information. Thus, GOSSIB will render PPM effectively useless. It can be expected that GOSSIB has similar effects on other PPM traceback schemes and that standard modifications to the systems will not solve the problem.
Keywords :
Internet; security of data; telecommunication security; transport protocols; GOSSIB; Groups Of Strongly Similar Birthdays; IP traceback rumors; Internet; PPM traceback schemes; compressed edge fragment sampling; distributed denial-of-service attacks; misinformation; path traceback mechanisms; probabilistic packet marking; Broadcasting; Computer crime; Computer networks; Information analysis; Laboratories; Proposals; Protection; Sampling methods; Web and internet services; Web server;
Conference_Titel :
Computer Security Applications Conference, 2002. Proceedings. 18th Annual
Print_ISBN :
0-7695-1828-1
DOI :
10.1109/CSAC.2002.1176273
