Sciweavers

LISA
2000

Tracing Anonymous Packets to Their Approximate Source

14 years 16 days ago
Tracing Anonymous Packets to Their Approximate Source
Most denial-of-service attacks are characterized by a flood of packets with random, apparently valid source addresses. These addresses are spoofed, created by a malicious program running on an unknown host, and carried by packets that bear no clues that could be used to determine their originating host. Identifying the source of such an attack requires tracing the packets back to the source hop by hop. Current approaches for tracing these attacks require the tedious continued attention and cooperation of each intermediate Internet Service Provider (ISP). This is not always easy given the world-wide scope of the Internet. We outline a technique for tracing spoofed packets back to their actual source host without relying on the cooperation of intervening ISPs. First, we map the paths from the victim to all possible networks. Next, we locate sources of network load, usually hosts or networks offering the UDP chargen service [5]. Finally, we work back through the tree, loading lines or ro...
Hal Burch, Bill Cheswick
Added 01 Nov 2010
Updated 01 Nov 2010
Type Conference
Year 2000
Where LISA
Authors Hal Burch, Bill Cheswick
Comments (0)