• Title/Summary/Keyword: traceback

Search Result 122, Processing Time 0.021 seconds

Design and Implementation of a Traceback System based on a Traceback Agent (역추적 에이전트를 이용한 역추적 시스템 설계 및 구현)

  • Jeong, Jong-Min;Lee, Ji-Yul;Lee, Goo-Yeon
    • Journal of Industrial Technology
    • /
    • v.22 no.B
    • /
    • pp.147-153
    • /
    • 2002
  • It is very important to detect and remove original sources of DOS (Denial of Service) attacks or connection oriented/connectionless attacks. In this paper, we implement a traceback system that does not require the reaction of routers and administrators and does not need log data. We bring in a traceback server and traceback agents in each network and use sniffing and spoofing schemes. Finally, the traceback server detects attacking hosts using information transmitted from traceback agents.

  • PDF

Design an Algorithm Matching TCP Connection Pairs for Intruder Traceback (침입자 역추적을 위한 TCP 연결 매칭 알고리즘 설계)

  • Kang Hyung-Woo;Hong Soon-Jwa;Lee Dong-Hoon
    • The KIPS Transactions:PartC
    • /
    • v.13C no.1 s.104
    • /
    • pp.11-18
    • /
    • 2006
  • In the field of network defense, a lot of researches are directed toward locating the source of network attacks. When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, and these intermediate hosts are called stepping-stones. There we two kinds of traceback technologies : IP packet traceback and connection traceback. We focused on connection traceback in this paper This paper classifies process structures of detoured attack type in stepping stone, designs an algorithm for traceback agent, and implements the traceback system based on the agent

Design of Network-based Real-time Connection Traceback System with Connection Redirection Technology

  • Choi, Yang-Sec;Kim, Hwan-Guk;Seo, Dong-Il;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2003.10a
    • /
    • pp.2101-2105
    • /
    • 2003
  • Recently the number of Internet users has very sharply increased, and the number of intrusions has also increased very much. Consequently, security products are being developed and adapted to prevent systems and networks from being hacked and intruded. Even if security products are adapted, however, hackers can still attack a system and get a special authorization because the security products cannot prevent a system and network from every instance of hacking and intrusion. Therefore, the researchers have focused on an active hacking prevention method, and they have tried to develop a traceback system that can find the real location of an attacker. At present, however, because of the characteristics of Internet - diversity, anonymity - the real-time traceback is very difficult. To over-come this problem the Network-based Real-Time Connection Traceback System (NRCTS) was proposed. But there is a security problem that the victim system can be hacked during the traceback. So, in this paper, we propose modified NRCTS with connection redirection technique. We call this traceback system as Connection Redirected Network-based Real-Time Connection Traceback System (CR-NRCTS).

  • PDF

Development of Traceback System Using IDS Module (침입탐지 모듈을 이용한 역추적시스템 개발)

  • 김선영;구향옥;서동일;오창석
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2003.05a
    • /
    • pp.227-230
    • /
    • 2003
  • A system connected in Internet can be intruded by cracker via several systems. This paper proposes an efficient traceback model in order to trace a route of crackers. The traceback system is composed of a traceback server model and a traceback client model, As transmitting intrusion information from an area where client agent is installed to traceback server, the system distinguishes which systems are used as intrusion route. The traceback system can retrace intrusion route efficiently in an area where a traceback client is installed.

  • PDF

A New Intruder Traceback Mechanism based on System Process Structure (시스템 프로세스 구조에 기반을 둔 침입자 추적 메커니즘)

  • 강형우;김강산;홍순좌
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.233-239
    • /
    • 2004
  • In this paper, we describe a defense mechanism to cope with stepping stones attacks in high-speed networks. (Stepping stones Attacker launches attacks not from their own computer but from intermediary hosts that they previously compromised.) We aim at tracing origin hacker system, which attack target system via stepping stones. There are two kind of traceback technology ; IP packet traceback, or connection traceback. We are concerned with connection traceback in this paper. We propose a new host-based traceback. The purpose of this paper is that distinguish between origin hacker system and stepping stones by using process structure of OS(Operating System).

  • PDF

Advanced n based Packet Marking Mechanism for IP Traceback (TTL 기반 패킷 마킹 방식을 적용한 IP 패킷 역추적 기법)

  • Lee Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.6 no.1
    • /
    • pp.13-25
    • /
    • 2005
  • Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Existing PPM based tracing scheme(such as router node appending, sampling and edge sampling) insert traceback information in IP packet header for IP Traceback. But, these schemes did not provide enhanced performance in DDoS attack. In this paper, we propose a 'TTL based advanced Packet Marking' mechanism for IP Traceback. Proposed mechanism can detect and control DDoS traffic on router and can generate marked packet for reconstructing origin DDoS attack source, by which we can diminish network overload and enhance traceback performance.

  • PDF

Pushback based Advanced ICMP Traceback Mechanism Against DDoS Attack (DDoS 공격에 대한 Pushback 기반 개선된 ICMP Traceback 기법)

  • Lee Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.5 no.1
    • /
    • pp.85-97
    • /
    • 2004
  • Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a "advanced ICMP Traceback" mechanism. which is based on the modified push back system. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source.ck source.

  • PDF

Design and Implementation of a Traceback System based on Multi-Agents (다중 에이전트를 이용한 역추적 시스템 설계 및 구현)

  • 정종민;이지율;이구연
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.4
    • /
    • pp.3-11
    • /
    • 2003
  • It is very important to detect and remove original sources of various attacks through networks. One of the effective method to detect the sources is traceback systems. In this paper, we design and implement an agent-based traceback system that does not require the reaction of routers and administrators and does not need numerous log data. In the design, we introduce a traceback server and traceback agents in each network Using sniffing and spoofing, the server transmits a packet with a specific message. The agents detect the packet and provide the information for the server to trace back the original source.

An IP Traceback "M"echanism with "E"nhanced "I"ntegrity for IPv6-based NGN Environment (IPv6 기반 NGN 환경에서 무결성을 제공하는 역추적 기법)

  • Jang, Jae-Hoon;Yeo, Don-Gu;Choi, Hyun-Woo;Youm, Heung-Youl
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.3
    • /
    • pp.31-41
    • /
    • 2010
  • It is difficult to identify attacker's real location when the attacker spoofs IP address in current IPv4-based Internet environment. If the attacks such as DDoS happen in the Internet, we can hardly expect the protection scheme to respond to these attacks in active or real-time manner. Many traceback techniques have been proposed to protect against these attacks, but most traceback schemes were designed to work with the IPv4-based Internet and found to be lack of verification of whether the traceback related information is forged or not. Few traceback schemes for IPv6-based network environment have been suggested, but it has these disadvantages that needs more study. In this paper, we propose the reliable IP traceback scheme supporting integrity of traceback-related information in IPv6 network environment, simulate it, and compare our proposed scheme with exsisting traceback mechanisms in terms of overhead and functionality.

Analysis and Design of IP Traceback System (IP 역추적 시스템 분석 및 설계)

  • 황영철;최병선;이성현;이원구;이재광
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2004.05a
    • /
    • pp.307-310
    • /
    • 2004
  • As computers and networks become popular, distributing information on the Internet is common in our daily life. Also, the explosion of the Internet, of wireless digital communication and data exchange on Internet has rapidly changed the way we connect with other people. But current firewall and IDS(Intrusion Detection System) of the network level suffers from many vulnerabilities in internal computing informations and resources. In this paper, we design of ICMP-based Traceback System using a ICMP Traceback Message for efficiently traceback without change structure of routers. ICMP-based Traceback System.

  • PDF