Study on classification and characteristics of source address spoofing attacks in the internet

9th International Conference on Networks, ICN 2010

Volumn , Issue , 2010, Pages 226-230

  Bi, Jun ^a   Hu, Ping ^a   Li, Peiguo ^a  

^a TSINGHUA UNIVERSITY   (China)

Author keywords

Backscatter packets; Network attacks; Source address spoofing

Indexed keywords

NETWORK ATTACK; NETWORK TELESCOPES; PARTIAL INFORMATION; SOURCE ADDRESS; SPOOFING ATTACKS; STATISTICAL ANALYSIS;

BACKSCATTERING; COMPUTER CRIME; INTERNET;

OPTICAL TELESCOPES;

EID: 77954294167     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICN.2010.43     Document Type: Conference Paper

References (41)

1. P. Ferguson, D. Senie. (2000,May) Network ingress filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing. [Online]. Available: http://www.ietf.org/rfc/rfc2827.txt?number=2827.
2. Computer Emergency Response Team (CERT). (2000, November 29). TCP SYN flooding and IP spoofing attacks. [Online]. Available: http://www.cert.org/ advisories/CA-1996-21.html .
3. Computer Emergency Response Team(CERT). ( 2000, March). Smurf IP Denial-of-Service Attacks. [Online]. Available: http://www/cert.org/advisories/ CA-1998-01.html.
4. D. Moore, C. Shannon, D. Brown, et al. (2006). Inferring Internet denial-of-service activity. [J]. IEEE/ACM Transactions on Computer System (TOCS).
5. Tanase M. (2003, March 11). IP Spoofing an Introduction. [Online]. Available: http://www.securityfocus.com/infocus/1674 .
6. V. Santiraveewan, Y. Permpoontanalarp. (2004,March) A Graphbased Methodology for Analyzing IP Spoofing Attack. [C]. 18th AINA, pp227-231.
7. M. Bailey, E. Cooke, F. Jahanian, et al. (2006,March). Practical Darknet Measurement [C]. Proc. 40th Conf. on Information Sciences and Systems, pp1496-1501.
8. G. Jin, H. Wang, K. G. Shin. (2003). Hop-count filtering: an effective defense against spoofed DDoS traffic. [C]. In Proceedings of the 10th ACM conference on Computer and communication security. Washington, D.C., USA.
9. K. Park, H. Lee. (2001, August) On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets. [C]. ACM SIGCOMM 2001.
10. J. Mirkovic, A. Hussain, B. Wilson, et al. (2007, June). Towards User-Centric Metrics for Denial of Service Measurement [C]. In Proceedings of the Workshop on Experimental Computer Science (part of ACM FCRC).
11. K. Lee, J. Kim, K.H. Kwon, et al. (2008). DDoS attack detection method using cluster analysis. [J]. Expert Systems with Applications 34, pp1659-1665.
12. W. Eddy. (2006, Dec.). Defenses Against TCP SYN Flooding Attacks. [J]. The Internet Protocol Journal, Volume 9, No.4.
13. W. Chen, D. Y. Yeung. Defending Against TCP SYN Flooding Attacks Under Different Types of IP Spoofing [C]. ICN/ICONS/MCL Jan 2006, pp38-43.
14. H. Wang, G. Jin, K. G. Shin. Defense Against Spoofed IP Traffic Using Hop-Count Filtering. [J]. IEEE/ACM Transactions on Networking, Vol 15, No 1, February 2007.
15. L. Garber. Denial-of-service attacks rip the Internet. [J]. Computer, Apr. 2000, pp12-17.
16. J. Elliott. Distributed denial of service attack and the zombie ant effect. [J]. IT Professional, March/April 2000, pp55-57.
17. MIT IP Spoofer Project website. [Online]. Available: http://spoofer. csail.mit.edu/summary.php.
18. J. Howe. (1993, June 21). An Environment for "Sniffing" DCE-RPC Traffic, CITI Technical Report 93-94 [Online]. Available: http://www.citi. umich.edu/techreports/reports/citi-tr-93-4.pdf.
19. F. Ali. (2007, Dec.) IP Spoofing. [Online]. Available: http://www.cisco.com/web/about/ac123/ac147/archived-issues/ipj-10-4/ 104-ip-spoofing.html.
20. Y. Rekhter, B. Moskowitz, D. Karrenberg, et al. (1996, Feb.)Address Allocation for Private Internets. [Online]. Available: http://www.ietf.org/rfc/ rfc1918.txt?number=1918.
21. Bogon list sources. (Oct 18, 2003). [Online]. Available: http://www.completewhois.com/bogons/.
22. S. Gibson. (2002, Feb.). Distributed reflection denial of service: description and analysis of a potent, increasing prevalent, and worrisome internet attack. [Online]. Available: Http://grc.com/dos/drdos.htm.
23. D. Dittrich. (1999, Oct.) The "Tribe Flood Network" distributed denial of service attack tool. [Online]. Available:http://staff.washington.edu/ dittrich/misc/tfn.analysis.txt.
24. CERT Advisory CA-1997-28 IP Denial-of-Service Attacks. [Online]. Available: http://www.cert.org/advisories/CA-1997-28.html.
25. J. Barlow, W. Thrower. (2000, Mar 7). TFN2K-An Analysis. [Online]. Available: http://www.packetstormsecurity.org/distributed/TFN2k-Analysis-1.3. txt.
26. M. D. Ray. (1981). Transmission Control Protocol DARPA Internet Program Protocol Specification. [Online]. Available: http://www.ietf.org/rfc/rfc793.txt? number=793 .
27. Cisco IOS, (2005). Unicast reverse path forwarding. [Online]. Available: http://www.cisco.com/en/US/docs/ios/12-2t/12-2t13/feature/guide/ft-urpf. html#wp1048141.
28. D. Huang, Q. Cao, A. Sinha, et al. New Architecture For Intra-Domain Network Security Issues. [J]. Communications of the ACM, Nov 2006, pp64-72.
29. Definition of man-in-the-middle. (2007, Jun 5). [Online]. Available: http://searchsecurity.techtarget.com/sDefinition/0sid14-gci499492,00.html.
30. K. E. Giles, D. J. Marchette, C. E. Priebe. On the spectral analysis of backscatter data. [C]. in Hawaii International Conference on Statistics and Related Fields, 2004.
31. D. Moore, C. Shannon, G. M. Voelker, et al. Network telescopes, CAIDA, Tech. Rep., 2003.
32. J. Postel. (1981, Sep.). Internet control message protocol, DARPA Internet program protocol specification. [Online]. Available: http://www.ietf.org/rfc/rfc792.txt?number=792 .
33. Tcpipguide. [Online]. Available: http://www.tcpipguide.com/
34. C. Shannon, D. Moore, and E. Aben, The CAIDA Backscatter-2008 Dataset-2008-2105 [Online]. Available: http://www.caida.org/data/passive/ backscatter-2008-dataset.xml.
35. F. Kargl, J. Maier, S. Schlott, et al. Protecting Web Servers from Distributed Denial of Service Attacks. [C]. WWW10, May 1, 2001.
36. Microsoft Windows 2000 WebDAV buffer overflow vulnerability (MS03-007). [Online]. Available: http://www.securityfocus.com/bid/7116.
37. The Spamhaus Project [Online]. Available: http://www.spamhaus.org/.
38. An analysis of TCP/IP NetBIOS file-sharing protocols. [Online]. Available: http://www.windowsecurity.com/whitepapers/An-nalysis-f-TCPIP-NetBIOS- filesharing-protocols-.html
39. Microsoft Windows Locator Service buffer overflow vulnerability (MS03-001). [Online]. Available: http://www.securityfocus.com/bid/6666.
40. Analysis of Network Denial of Service. (2004, Nov.) [Online]. Available: http://www.ufsdump.org/papers/uuasc-novemberddos.pdf.
41. C. Kalt. (2000, Apr.). Internet relay chat: Architecture. [Online]. Available: http://www.ietf.org/rfc/rfc2810.txt?number=2810.