Mitigation of Denial of Service Attack using IP Traceback


NC Syed Raza Mohsin

NC Adnan Aijaz

Capt Wasif Rehman

Capt Haseeb Khan

DS. Lt. Col. Mofasir-ul-Haque


INTRODUCTION

Today's life has been revolutionized by the Internet. The Internet is the basis of a number of innovative technologies such as the World Wide Web, email and VoIP, and it has enabled instant access to vast and diverse resources. But the Internet is also vulnerable to a number of attacks from different sources. The major categories of attacks during 2006 were viruses, insider abuse of access, unauthorized access to information, and denial of service (DoS) attacks. A number of tools are freely available on the Internet, from covertly exchanged exploit programs to publicly released vulnerability assessment software, that can degrade the performance of, or even disable, vital network services.


DoS/DDoS Attack

The aim of a DoS attack is to prevent legitimate users from accessing system resources by shutting down or seriously slowing down a service provided by a computer system. DoS first received large-scale public attention in February 2000, when major Internet sites including CNN, Yahoo, eBay and Amazon were brought down by DoS attacks. CNN and the other victims claimed that the attack caused damages totaling $1.7 billion. In a distributed DoS (DDoS) attack, the attacker uses hundreds or thousands of compromised hosts, often residing on different networks, to overload and crash the target system.

Flooding DoS Attacks

A flooding DoS attack is based on brute force. Real-looking but unnecessary data is sent to the victim in as large a volume as possible. As a result, network bandwidth is wasted, disk space is filled with unnecessary data, or processing power is spent on useless work. Flooding DoS attacks are carried out as either direct or reflector attacks. An example of a flooding attack is TCP SYN flooding.

Logic DoS Attacks

The objective of a logic DoS attack is to build a small number of specially crafted packets that exploit a vulnerability and cause the victim to behave abnormally. The packets are normally sent directly to the victim, because special knowledge of the vulnerability is required to build them. An example of a logic attack is the LAND attack.
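The two categories above differ in how a defender would detect them: a logic attack such as LAND is recognizable from a single malformed packet, whereas a flood is only visible as a rate. The following Python script is an added example (not code from the thesis) that runs both checks over a constructed packet capture; the packet records, the one-second window and the threshold of 50 bare SYNs are all made-up values chosen for illustration.

```python
"""Classifies the two DoS categories described above, flooding (TCP SYN
flood) and logic (LAND), over a constructed packet capture.  Added
example, not code from the thesis; records and thresholds are made up."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float     # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str    # TCP flags as letters: "S" = SYN only, "SA" = SYN+ACK, "A" = ACK


def is_land_packet(p: Pkt) -> bool:
    """Logic attack: a LAND packet is a SYN whose source and destination
    address and port are identical, so the victim handshakes with itself.
    One such packet is enough, so detection is per packet."""
    return p.flags == "S" and p.src == p.dst and p.sport == p.dport


def syn_flood_targets(pkts, window=1.0, threshold=50):
    """Flooding attack: for each destination, find the largest number of
    bare SYNs (no ACK bit) seen in any `window`-second span and report the
    destinations above `threshold`.  Source addresses are ignored because a
    flood spoofs them, which is exactly why traceback is needed."""
    by_dst = {}
    for p in pkts:
        if p.flags == "S":
            by_dst.setdefault(p.dst, []).append(p.ts)
    targets = {}
    for dst, times in by_dst.items():
        times.sort()
        best, lo = 0, 0
        for hi, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best > threshold:
            targets[dst] = best
    return targets


def classify(pkts):
    """Return {'logic': [LAND packets], 'flooding': {dst: peak SYN count}}."""
    return {"logic": [p for p in pkts if is_land_packet(p)],
            "flooding": syn_flood_targets(pkts)}


def constructed_capture():
    """Constructed sample: a 60-packet SYN flood with spoofed sources toward
    10.0.0.5:80, one normal handshake, one SYN to another host, one LAND packet."""
    pkts = [Pkt(100.0 + i * 0.008, f"198.51.100.{i % 250 + 1}", 40000 + i,
                "10.0.0.5", 80, "S") for i in range(60)]
    pkts += [Pkt(100.1, "10.0.1.7", 51000, "10.0.0.5", 80, "S"),
             Pkt(100.1, "10.0.0.5", 80, "10.0.1.7", 51000, "SA"),
             Pkt(100.1, "10.0.1.7", 51000, "10.0.0.5", 80, "A"),
             Pkt(100.3, "10.0.1.8", 51001, "10.0.0.9", 22, "S"),
             Pkt(100.2, "10.0.0.5", 80, "10.0.0.5", 80, "S")]   # the LAND packet
    return pkts


if __name__ == "__main__":
    print(classify(constructed_capture()))
```

Note that the flood detector deliberately keys on the destination, not the source: in a real flood the source field is spoofed, so per-source counters see a few packets each and never fire, which is the gap the traceback technique below is meant to close.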

IP Traceback    

The solution to DoS/DDoS attacks is IP traceback, i.e., identifying the true IP address of the host originating the attack packets. IP traceback is vital for quickly restoring normal network functionality and preventing recurrences.


Our Contribution (Proposed IP Traceback Technique)

The Basic Technique

       A Hybrid IP Traceback Technique Based on TTL Identification


Key aspects of this technique include:

1. Capability of tracing any type of DoS attack.
2. Minimum overhead in terms of storage and marking.
3. Faster convergence.
4. No need for a path reconstruction algorithm.
5. Compatible with IPv4, IPv6 and Mobile IP.


1. Check the TTL value in the IP header. If the TTL value matches an entry in the stored table, the packet is valid for marking. If no match is found, simply forward the packet.
2. Check the Reserved Flag. If its value is '1', forward the packet without marking. If its value is '0', the packet is valid for marking.
3. Check the source IP address. If it has a valid network id, mark the packet: that is, write the IP address of the router / HA into the first four bytes of the route data in the Record Route (RR) field.
4. If the source address does not have a valid network id, look the IP address up in the visitor list (on the FA). If a match is found, retrieve the corresponding HA address from the visitor list and write the HA address into the first four bytes of the route data in the RR field.
5. If the source IP address does not have a valid network id and there is no entry for it in the visitor list, simply discard the packet.
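The five steps above, modelled as the per-packet decision a marking router or FA would take, as an added Python example that is not the thesis's own ns-2 code. Three things the steps refer to but do not define are assumed here: the "stored table" is a set of TTL values expected at this hop, the "valid network id" test is membership in a configured list of network prefixes, and the FA visitor list is a mapping from mobile-node address to its HA address. The example also assumes that a router sets the Reserved Flag to 1 after marking, which is what makes step 2 skip already-marked packets downstream.

```python
"""Per-packet model of the marking steps.  Added example, not the thesis
code.  TTL table, network-id check, visitor list and the setting of the
reserved flag after marking are assumptions (see lead-in)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

RR_ROUTE_DATA_LEN = 36   # a Record Route option carries up to nine 4-byte addresses


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    reserved_flag: int                      # the IP header's reserved bit
    route_data: bytearray = field(default_factory=lambda: bytearray(RR_ROUTE_DATA_LEN))


@dataclass
class Router:
    address: str            # address written into the mark (router or HA)
    ttl_table: set          # assumption: TTL values expected at this hop
    valid_networks: list    # assumption: prefixes that count as a valid network id
    visitor_list: dict      # FA visitor list: mobile-node address -> its HA address


def has_valid_network_id(router, src):
    ip = ip_address(src)
    return any(ip in net for net in router.valid_networks)


def process(router, pkt):
    """Apply steps 1-5 to one packet; returns 'forward', 'mark' or 'discard'."""
    # Step 1: TTL not in the stored table -> forward without marking
    if pkt.ttl not in router.ttl_table:
        return "forward"
    # Step 2: reserved flag already '1' -> forward without marking
    if pkt.reserved_flag == 1:
        return "forward"
    # Step 3: valid network id -> the router's own address becomes the mark
    if has_valid_network_id(router, pkt.src):
        mark = router.address
    # Step 4: otherwise a mobile visitor -> its HA address becomes the mark
    elif pkt.src in router.visitor_list:
        mark = router.visitor_list[pkt.src]
    # Step 5: neither -> discard
    else:
        return "discard"
    pkt.route_data[0:4] = ip_address(mark).packed   # first four bytes of RR route data
    pkt.reserved_flag = 1                           # assumption: prevents re-marking downstream
    return "mark"


def marked_address(pkt):
    """Read back the address a victim would extract from the RR field."""
    return str(ip_address(bytes(pkt.route_data[0:4])))


def demo():
    """Constructed router and packets exercising every branch."""
    r = Router(address="192.0.2.1",
               ttl_table={60, 61, 62},
               valid_networks=[ip_network("192.0.2.0/24")],
               visitor_list={"203.0.113.9": "198.51.100.1"})
    wired = Packet("192.0.2.50", "10.0.0.5", 61, 0)       # local wired host
    mobile = Packet("203.0.113.9", "10.0.0.5", 60, 0)     # visiting mobile node
    unknown = Packet("203.0.113.77", "10.0.0.5", 60, 0)   # neither local nor registered
    wrong_ttl = Packet("192.0.2.50", "10.0.0.5", 5, 0)    # TTL not in the table
    results = {
        "wired": (process(r, wired), marked_address(wired)),
        "mobile": (process(r, mobile), marked_address(mobile)),
        "unknown": (process(r, unknown), None),
        "wrong_ttl": (process(r, wrong_ttl), None),
        "already_marked": (process(r, wired), marked_address(wired)),
    }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15s} {outcome}")
```

Running `demo()` shows the two marking paths writing different addresses: the wired host's packet carries the router's address, the mobile node's packet carries its HA address, so the victim reads a single hop identity from the RR field without any path reconstruction, which is the property claimed in key aspect 4.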

Conclusion and Future Work

The development of IP traceback techniques has been motivated by the various DoS attacks of recent years. With the development of Mobile IP, more complex DoS attacks can be launched. IP traceback is the first step in identifying the attacker behind such attacks. The effectiveness of any traceback technique depends primarily on its overhead, its convergence and its ability to trace any type of DoS attack. The hybrid technique presented here can trace any type of DoS attack because it can trace even a single packet. It can also trace beyond corporate firewalls, which is a challenge faced by most existing traceback techniques, and it eliminates reflector DDoS attacks. It is particularly designed for networks supporting both wired and mobile nodes. Today there is a need for a practical implementation of an effective technique so that IP traceback can be carried out in real time across the Internet. There is a lack of research on IP traceback for Mobile IPv6. The packet marking technique presented in this thesis is compatible with Mobile IPv4; however, it can be extended to Mobile IPv6.

Attached Files

thesis_pdf_file.pdf (pdf, 1040 kb)
software_mannual.pdf (pdf, 1512 kb)
ns.doc (doc, 395 kb)
code.tcl (tcl, 3 kb)
mipsimulation2.tcl (tcl, 8 kb)
ttl.cc (cc, 4 kb)
ip.h (h, 3 kb)
ip.cc (cc, 2 kb)
ip_trace_back_techniques_to_ferret_out_denial_of_servie_atta.pdf (pdf, 499 kb)
ip_traceback_support_for_wired_and_mobile_ip_networks6.pdf (pdf, 164 kb)