|
GOSSIB vs. IP Traceback RumorsMarcel Waldvogel:GOSSIB vs. IP Traceback Rumors, 18th Annual Computer Security Applications Conference (ACSAC 2002), pp. 5-13, Las Vegas, Nevada, USA, December 2002. AbstractTo identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. In this paper, we introduce a new concept, namely groups of strongly similar birthdays (GOSSIB), that can be used by to obtain effects similar to a successful birthday attack on PPM schemes. The original and most widely known IP traceback mechanism, compressed edge fragment sampling (CEFS), was developed by Savage et al. We analyze the effects of an attacker using GOSSIB against CEFS and show that the attacker can seed misinformation much more effiently than the network is able to contribute real traceback information. Thus, GOSSIB will render PPM effctively useless. It can be expected that GOSSIB has similar effcts on other PPM traceback schemes and that standard modifiations to the systems will not solve the problem.Documents
BibTeX entry@InProceedings{waldvogel02gossib, Author = {Marcel Waldvogel}, Title = {GOSSIB vs. IP Traceback Rumors}, BookTitle = {18th Annual Computer Security Applications Conference (ACSAC 2002)}, Year = 2002, Month = dec, Pages = {5--13} } |
The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.