GOSSIB vs. IP Traceback Rumors

Vorschaubild
Dateien
waldvogel02gossib.pdf
waldvogel02gossib.pdfGröße: 144.66 KBDownloads: 574
Datum
2002
Autor:innen
Herausgeber:innen
Kontakt
ISSN der Zeitschrift
Electronic ISSN
ISBN
Bibliografische Daten
Verlag
Schriftenreihe
Auflagebezeichnung
URI (zitierfähiger Link)
http://nbn-resolving.de/urn:nbn:de:bsz:352-opus-24357
DOI (zitierfähiger Link)
ArXiv-ID
Internationale Patentnummer
Link zur Lizenz
Attribution-NonCommercial-NoDerivs 2.0 Generic
EU-Projektnummer
DFG-Projektnummer
Forschungsförderung
Projekt
Open Access-Veröffentlichung
Sammlungen
Informatik und Informationswissenschaft
Gesperrt bis
Titel in einer weiteren Sprache
Forschungsvorhaben
Organisationseinheiten
Zeitschriftenheft
Publikationstyp
Beitrag zu einem Konferenzband
Publikationsstatus
Published
Erschienen in
18th Annual Computer Security Applications Conference (ACSAC 2002). 2002, pp. 5-13
Zusammenfassung

To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. In this paper, we introduce a new concept, namely groups of strongly similar birthdays (GOSSIB), that can be used by to obtain effects similar to a successful birthday attack on PPM schemes. The original and most widely known IP traceback mechanism, compressed edge fragment sampling (CEFS), was developed by Savage et al. We analyze the effects of an attacker using GOSSIB against CEFS and show that the attacker can seed misinformation much more effiently than the network is able to contribute real traceback information. Thus, GOSSIB will render PPM effctively useless. It can be expected that GOSSIB has similar effcts on other PPM traceback schemes and that standard modifiations to the systems will not solve the problem.

Zusammenfassung in einer weiteren Sprache
Fachgebiet (DDC)
004 Informatik
Schlagwörter
Konferenz
Rezension
undefined / . - undefined, undefined
Zitieren
ISO 690WALDVOGEL, Marcel, 2002. GOSSIB vs. IP Traceback Rumors. In: 18th Annual Computer Security Applications Conference (ACSAC 2002). 2002, pp. 5-13
BibTex
@inproceedings{Waldvogel2002GOSSI-6010,
  year={2002},
  title={GOSSIB vs. IP Traceback Rumors},
  booktitle={18th Annual Computer Security Applications Conference (ACSAC 2002)},
  pages={5--13},
  author={Waldvogel, Marcel}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/6010">
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:contributor>Waldvogel, Marcel</dc:contributor>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6010/1/waldvogel02gossib.pdf"/>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:08:44Z</dcterms:available>
    <dcterms:rights rdf:resource="http://creativecommons.org/licenses/by-nc-nd/2.0/"/>
    <dcterms:issued>2002</dcterms:issued>
    <dcterms:title>GOSSIB vs. IP Traceback Rumors</dcterms:title>
    <dc:creator>Waldvogel, Marcel</dc:creator>
    <dc:rights>Attribution-NonCommercial-NoDerivs 2.0 Generic</dc:rights>
    <dcterms:bibliographicCitation>First publ. in: 18th Annual Computer Security Applications Conference (ACSAC 2002), pp. 5-13, Las Vegas, Nevada, USA, Dec. 2002</dcterms:bibliographicCitation>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6010/1/waldvogel02gossib.pdf"/>
    <dc:format>application/pdf</dc:format>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/6010"/>
    <dc:language>eng</dc:language>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:08:44Z</dc:date>
    <dcterms:abstract xml:lang="eng">To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. In this paper, we introduce a new concept, namely groups of strongly similar birthdays (GOSSIB), that can be used by to obtain effects similar to a successful birthday attack on PPM schemes. The original and most widely known IP traceback mechanism, compressed edge fragment sampling (CEFS), was developed by Savage et al. We analyze the effects of an attacker using GOSSIB against CEFS and show that the attacker can seed misinformation much more effiently than the network is able to contribute real traceback information. Thus, GOSSIB will render PPM effctively useless. It can be expected that GOSSIB has similar effcts on other PPM traceback schemes and that standard modifiations to the systems will not solve the problem.</dcterms:abstract>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
  </rdf:Description>
</rdf:RDF>
Interner Vermerk
xmlui.Submission.submit.DescribeStep.inputForms.label.kops_note_fromSubmitter
Kontakt
URL der Originalveröffentl.
Prüfdatum der URL
Prüfungsdatum der Dissertation
Finanzierungsart
Kommentar zur Publikation
Allianzlizenz
Corresponding Authors der Uni Konstanz vorhanden
Internationale Co-Autor:innen
Universitätsbibliographie
Nein
Begutachtet