Ip trace ppt
1. SEMINAR ON IP TRACEBACK SECURITY
Guided by: Miss Ranjita Mishra
Presented by: Deepak Kumar Marndi
Regd No-0801106165
CET, BBSR
2. CONTENTS
Introduction
Overview of Trace back system
Classification of Trace back Methods
Technologies For Preventing Network Attacks
Limitation and open Issues
Challenges and Future Works
Conclusion
References
3. INTRODUCTION
DoS (denial of service)
DDoS (distributed denial of service)
Spoofed IP address
IP Traceback
To identify the address of the true source of the packets causing a DoS.
Fig: A Scenario of DoS Attack
4. OVERVIEW OF TRACEBACK SYSTEM
Able to trace the attacker with a single packet.
Minimal processing overhead.
Very low level of ISP involvement.
A high level of protection is preferred in a traceback system.
Producing meaningful traces is limited to the range of deployment of the traceback system.
5. CLASSIFICATION OF TRACEBACK SYSTEM
Preventive Methods
Ingress Filtering
Reactive Methods
Link Testing
Input Debugging
Controlled Flooding
Logging
ICMP Traceback
Packet Marking Algorithm
FDPM Traceback
TBPM Traceback
6. CLASSIFICATION(Contd….)
• Ingress Filtering
Configure routers to block packets that arrive with illegitimate source addresses.
Examine the source address to distinguish between legitimate and illegitimate addresses.
Is most feasible in customer networks or at the border of the ISPs.
Fig: Ingress Filtering
7. CLASSIFICATION(Contd….)
• Link Testing
Starts from the router closest to the victim.
It determines which link carries the attacker’s traffic.
It is divided into two types.
Input debugging.
Controlled flooding.
Disadvantage
Consumes a huge amount of resources.
Causes denial of service when the number of sources needs to be increased.
8. CLASSIFICATION(Contd….)
• Logging
It logs packets at key routers.
It determines the attacker's path from the logged record of the packets traversing those routers.
Drawback
Enormous resource requirements.
9. CLASSIFICATION(Contd….)
• ICMP TRACEBACK
It traces out the full path of the attack.
It generates an iTrace message at every router, directed to the same destination as the selected packet.
The ICMP message contains part of a traversing packet and is sent to the packet's destination.
Fig: ICMP Traceback Mechanism
10. CLASSIFICATION(Contd….)
• Packet Marking Algorithm
In this algorithm, when a router forwards a packet it also inserts a mark in the packet, which is a unique identifier of that particular router.
The victim can determine all the intermediate hops for each packet by observing the inserted marks.
This makes the reconstruction of the attack path at the victim trivial.
It is divided into two marking schemes.
Deterministic Packet Marking scheme.
Probabilistic Packet Marking scheme.
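Added example (not from the original slides): a Python simulation of probabilistic packet marking using edge sampling, one published PPM variant; the slides do not say which variant they mean. The router IDs, the marking probability and the packet count are constructed assumptions.

```python
import random

P_MARK = 0.2  # assumed marking probability (not given on the slides)

def forward(path, rng, p=P_MARK):
    """Carry one packet through `path` (router IDs, attacker side first)
    and return the (start, end, distance) mark the victim receives."""
    start = end = dist = None               # no mark yet
    for router in path:
        if rng.random() < p:                # router starts a new edge sample
            start, end, dist = router, None, 0
        elif start is not None:
            if dist == 0:                   # next hop completes the edge
                end = router
            dist += 1                       # hops travelled since marking
    return start, end, dist

def collect(path, packets, seed=1):
    """Marks seen by the victim after `packets` packets (constructed traffic)."""
    rng = random.Random(seed)
    return [forward(path, rng) for _ in range(packets)]

def reconstruct(marks):
    """Rebuild a single attack path, router nearest the victim first.
    Stops at the first distance with no consistent edge (incomplete trace)."""
    edges = {}
    for start, end, dist in marks:
        if start is not None:               # skip packets no router marked
            edges.setdefault(dist, set()).add((start, end))
    path, prev, dist = [], None, 0
    while dist in edges:
        # the edge at this distance must end at the router found one hop closer
        nxt = {s for s, e in edges[dist] if e == prev}
        if len(nxt) != 1:
            break
        prev = nxt.pop()
        path.append(prev)
        dist += 1
    return path

if __name__ == "__main__":
    route = ["R1", "R2", "R3", "R4", "R5"]  # constructed; R5 borders the victim
    print(reconstruct(collect(route, 2000)))
```

Marks from the router farthest from the victim survive least often, so the number of packets needed grows with path length.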
11. CLASSIFICATION(Contd….)
• FDPM Traceback
It is the optimized version of DPM.
It utilizes various bits (called marks) in the IP header to mark packets; the mark has a flexible length depending on the network protocol used.
When an IP packet enters the protected network, it is marked by the interface close to the source of the packet.
Reconstruction of the path can be done as in DPM to identify the source of the attack, if one is detected.
12. CLASSIFICATION(Contd….)
• Advantages
Number of packets required is comparatively less.
Better Tracing Capability.
It has different probabilities that a router marks the attack packets.
13. CLASSIFICATION(Contd….)
• TBPM Method
It is based on a Bloom filter which utilizes the router's local topology information.
It helps to design a single-packet IP traceback system that need not be fully deployed in the entire network.
Topology Based Packet Marking has been a new approach in anti-IP-spoofing techniques.
TBPM techniques are compatible with both IPv4 and IPv6, unlike present packet marking techniques that cannot be effectively implemented in IPv6 networks.
15. LIMITATION AND OPEN ISSUES
It has a problem with tracing beyond corporate firewalls.
To accomplish IP traceback, we need to reach the host where the attack originated.
When tracing packets through firewalls into corporate intranets, the last-traced IP address might be the firewall's address.
16. CHALLENGES AND FUTURE WORK
Identifying the indirect sources of reflector based
DDoS attacks.
Identifying the attacker who conceals himself/herself
with stepping stones.
Integrating defensive measures with traceback so that
one mechanism may perform tracing as well as
detection and/or defense.
Automatic traceback to speed up tracing and reduce
human intervention.
17. CONCLUSION
One conclusion we can draw from this is that unless IP traceback measures are deployed all over the Internet, they are effective only for controlled networks rather than for the Internet.
Today we can find many tools for doing DoS attacks.
DoS attacks have become very popular. Hence we need to design proper mechanisms to protect systems from such attacks.