The University of Southampton
University of Southampton Institutional Repository

On the use of path identification to block attack packets

Farhat, Hikmat (2009) On the use of path identification to block attack packets. In 2nd International Conference on the Applications of Digital Information and Web Technologies, ICADIWT 2009. pp. 619-624. (doi:10.1109/ICADIWT.2009.5273907).

Record type: Conference or Workshop Item (Paper)

Abstract

Many techniques have been proposed by the research community to mitigate the effect of flooding Denial of Service (DoS) attacks. The effects of DoS attacks are aggravated by the ability of attackers to hide the source of the attack packets. A widely used class of solutions (e.g. trace-back) is based on marking packets, from source to destination, by intermediate routers and selectively blocking packets based on the path they traveled. In this paper we show that router-level path identification offers more detail than needed. We also show that packets originating from a group of devices will follow almost identical paths to the destination. Thus a single attacker can spoof its address in such a way that a whole group in the source domain is labeled as attack sources. We argue that a more coarse-grained path identification, such as Autonomous System path identification, should be used instead.

This record has no associated files available for download.

More information

Published date: 4 August 2009
Venue - Dates: 2nd International Conference on the Applications of Digital Information and Web Technologies, ICADIWT 2009, London, United Kingdom, 2009-08-04 - 2009-08-06

Identifiers

Local EPrints ID: 492299
URI: http://eprints.soton.ac.uk/id/eprint/492299
PURE UUID: 0dcd5403-6a82-47bb-97bc-22bae881c913
ORCID for Hikmat Farhat: orcid.org/0000-0002-5043-227X

Catalogue record

Date deposited: 23 Jul 2024 17:12
Last modified: 24 Jul 2024 02:06

Contributors

Author: Hikmat Farhat
