Return to search

Using Probing Packets to Repair The Incomplete IP Traceback

An enhancement of probability packet marking (PPM) used to trace back the DoS attacker is proposed by this paper. Our work is based on the probabilistic packet marking algorithm by Savage[1] in which an attack graph can be reconstructed by a victim site. Furthermore, we discuss some routers which do not support PPM in attacked path called non-PPM router. We use algorithm to recover one and two successive non-PPM routers. Recover three and four successive non-PPM routers by using IP RR (record routing) option. Five successive non-PPM routers and above are between two PPM routers, we discuss about Loosen Source Routing that record all traveled IP addresses into IP header. The temp table record edges which produced by proposed algorithm. And the hop table records which path the packet come from. Before the PPM system run, routers send probe packets we proposed above to recover the incomplete attack path.

Identiferoai:union.ndltd.org:NSYSU/oai:NSYSU:etd-0623104-145745
Date23 June 2004
CreatorsHuang, Ming-Cheng
Contributorsnone, none, none, none
PublisherNSYSU
Source SetsNSYSU Electronic Thesis and Dissertation Archive
LanguageEnglish
Detected LanguageEnglish
Typetext
Formatapplication/pdf
Sourcehttp://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0623104-145745
Rightsrestricted, Copyright information available at source archive

Page generated in 0.0021 seconds