A NOVEL APPROACH TO DISCLOSE THE LOCATIONS OF IP SPOOFERS USING ICMP

International Journal of Computer Science (IJCS) Published by SK Research Group of Companies (SKRGC)

Abstract

The system implementation mainly focusing disclosing the Locations of IP Spoofers from Path Back scatter using the passive IP trace back (PIT) that bypasses the deployment difficulties of IP trace back techniques. PIT investigates Internet Control Message Protocol error messages (named path backscatter) triggered by spoofing traffic, and tracks the spoofer’s based on public available information (e.g., topology). In this way, PIT can find the spoofer’s without any deployment requirement. This paper illustrates the causes, collection, and the statistical results on path back scatter, demonstrates the processes and effectiveness of PIT, and shows the captured locations of spoofer’s through applying PIT on the path back scatter data set. These results can help further reveal IP spoofing, which has been studied for long but never well understood. Though PIT cannot work in all the spoofing attacks, it may be the most useful mechanism to trace spoofers before an Internet-level trace back system has been deployed in real.

References

[1] Aloysius Wooi Kiak Ang, Wee Yong Lim, and Vrizlynn L. L. Thing “FACT: A Framework for Authentication in CloudBased IP Traceback,” IEEE Transactions on Information Forensics And Security, Vol. 12, No. 3, March 2017.

[2] T. H.-J. Kim, C. Basescu, L. Jia, S. B. Lee, Y.-C. Hu, and A. Perrig, ”Lightweight source authentication and path validation,” in Proc. SIGCOMM, 2014, pp. 271-282.

[3] Y. Xiang, W. Zhou, and M. Guo, “Flexible deterministic packet marking: An IP traceback system to find the real source of attacks,"IEEE Trans. Parallel Distrib. Syst., vol. 20, no. 4, pp. 567-580, Apr. 2009.

[4] S. Yu, W. Zhou, R. Doss, and W. Jia, “Traceback of DDoS attacks using entropy variations,” IEEE Trans. Parallel Distrib. Syst., vol. 22, no. 3, pp. 412-425, Mar. 2011.

[5] L. Cheng, D. M. Divakaran, W. Y. Lim, and V. L. L. Thing, “Opportunistic piggy-back marking for IP traceback,” IEEE Trans. Inf. Forensics Security, vol. 11, no. 2, pp. 273-288, Feb. 2016.

[6] H. Tian and J. Bi, “An incrementally deployable flowbased scheme for IP trace-back,”IEEE Commun. Lett., vol. 16, no. 7, pp. 1140-1143, Jul. 2012.

[7] G. Yao, J. Bi, and A. V. Vasilakos, “Passive IP trace back: Disclosing the locations of IP spoofers from path back scatter,”IEEE Trans. Inf. Forensics Security, vol. 10, no. 3, pp. 471-484, Mar. 2015.

[8] H. Zhang, J. Reich, and J. Rexford, “Packet traceback for software defined networks,” Princeton Univ., Princeton, NJ, USA, Tech. Rep. TR-978-15, 2015

Keywords

IP trace back, marking based trace back, opportunistic piggyback marking, network forensics, Internet Service Provider (ISP), intrusion detection system.