CSCI6268L27 - Foundations of Network and Computer Security...

Foundations of Network and Computer Security
John Black
Lecture #27, Nov 6th 2009
CSCI 6268/TLEN 5550, Fall 2009
Packet Marking
• Idea: mark packets as they pass through routers
• The mark should give information about what route the packet took
• One idea is to mark every packet that traverses a given router
  – Just append the router's IP address to a list in the IP header
• Drawback: this is a HUGE burden to put on routers
  – They would have to mark EVERY packet
  – Packets would get enormous if they travel a long route
  – Packets might be caused to fragment
Probabilistic Packet Marking
First, some assumptions:
• Attackers can generate any packet
• Attackers can conspire
• Packets can be lost or reordered
• The route from attacker to victim is mostly stable
• Routers are not widely compromised
PPM: Continued
• Each router writes its address into a single 32-bit field, but only with probability p
• Routers don't care whether they are overwriting another router's address
  – So the victim sees the mark of the last router on the path that chose to mark
• Probability of seeing the mark of a router d hops away is p(1-p)^(d-1): that router marks, and the d-1 routers closer to the victim all leave the mark alone
• This is monotonically decreasing in d, so the victim can sort routers by the number of marked packets received from each and recover the path
  – The fewest marks come from the furthest router, the most from the nearest, etc.
PPM: Difficulties
• We have to change the IP header any time a router marks a packet
  – This means storing the mark somewhere in the header (has drawbacks)
  – And updating the header checksum
    • But this is already done for TTL decrements
• We may need a LOT of packets to reconstruct a path
  – Suppose p = 0.51 and d = 15; then p(1-p)^(d-1) ≈ 2.3×10^-5, so on average we need more than 42,000 packets to get a single sample from the furthest router
  – To get the order right with 95% probability requires around 300,000 packets
• Multiple attackers complicate matters
  – With multiple attackers at the same distance, this all breaks down: routers at equal distance produce marks at the same rate, so sorting by count no longer separates them
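A small simulation of the single-field (node sampling) scheme from the two slides above, added here as a worked example; it is not code from the lecture. It assumes a constructed five-router path and a seeded random source so the run is repeatable; the 32-bit mark field is modelled as a Python value. `expected_packets` is the reciprocal of p(1-p)^(d-1) and reproduces the slide's 42,000-packet figure; `reconstruct` is the victim's count-and-sort step.

```python
import random
from collections import Counter


def expected_packets(p, d):
    """Expected number of packets the victim must receive to see one mark from
    the router d hops away.  That router marks with probability p, and each of
    the d-1 routers between it and the victim must then leave the field alone
    (probability 1-p each), so a mark from hop d survives with probability
    p*(1-p)**(d-1); the expected wait is its reciprocal."""
    return 1.0 / (p * (1 - p) ** (d - 1))


def node_sample(path, p, rng):
    """Forward one packet along `path` (router nearest the attacker first,
    router nearest the victim last).  Every router overwrites the single
    mark field with its own address with probability p, ignoring whatever
    was there.  Returns the mark the victim sees, or None if nobody marked."""
    mark = None
    for router in path:
        if rng.random() < p:
            mark = router
    return mark


def reconstruct(path, p, n_packets, seed=0):
    """Victim side: count how often each router's mark arrives over n_packets
    and sort by count, most frequent first.  Because the survival probability
    p*(1-p)**(d-1) falls with d, that order is nearest-to-farthest."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(n_packets):
        mark = node_sample(path, p, rng)
        if mark is not None:
            counts[mark] += 1
    return [router for router, _ in counts.most_common()]


if __name__ == "__main__":
    # Constructed example path: R4 is next to the attacker, R1 next to the victim.
    path = ["R4", "R3", "R2", "R1"]
    print(reconstruct(path, 0.51, 20_000))    # ['R1', 'R2', 'R3', 'R4']
    print(round(expected_packets(0.51, 15)))  # the slide's 42,000-odd packets
```

Note what the simulation does not show: two routers at the same hop count would receive the same expected count, which is exactly the multiple-attacker failure the slide mentions.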
• Reserve two address-sized fields in the IP header, "start" and "end", plus a small "distance" field
• When a router decides to mark a packet (probability p), it writes its address in the "start" field and zeroes the distance field
• When a router decides not to mark, it first checks the distance field: if it is zero, it writes its own address in the "end" field; then it increments the distance field
  – So an edge (start, end) arriving with distance k means "start" marked, "end" was the next router on the path, and k routers downstream of "start" declined to mark
• The increment must use saturating addition
  – This is critical to minimize spoofing by the attacker; without it, a distance value the attacker fills in could wrap around to a small number, letting the attacker inject routers that appear close to the victim
• Now an attacker can only spoof marks with distance counts equal to or greater than its own distance from the victim, since every router on the path increments the field
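The start/end/distance scheme described above, as an added example rather than code from the lecture. It assumes a 5-bit distance field (the slide only says "small"), a constructed five-router path, and a seeded random source. `edge_sample` is the per-router rule, `reconstruct_path` is the victim chaining edges outward, and `spoofed_arrival_distance` shows why the increment must saturate: with plain modular addition a forged edge can arrive looking three hops away even though the attacker is five hops out.

```python
import random

# Assumption (not from the slide): a 5-bit distance field, as "small" as the
# slide asks for.  31 is the largest value it can hold.
DIST_BITS = 5
DIST_MAX = (1 << DIST_BITS) - 1
VICTIM = "victim"


def edge_sample(pkt, path, p, rng, saturating=True):
    """Forward one packet through `path` (router nearest the attacker first).
    pkt is a dict standing in for the start/end/distance header fields.
    Marking router:      start := self, distance := 0.
    Non-marking router:  if distance == 0 then end := self; distance += 1."""
    for router in path:
        if rng.random() < p:
            pkt["start"] = router
            pkt["distance"] = 0
        else:
            if pkt["distance"] == 0:
                pkt["end"] = router
            if saturating:
                pkt["distance"] = min(pkt["distance"] + 1, DIST_MAX)
            else:  # plain modular increment: the wrap-around the slide warns about
                pkt["distance"] = (pkt["distance"] + 1) & DIST_MAX
    return pkt


def collect_edges(path, p, n_packets, seed=0):
    """Victim side: the set of (start, end, distance) triples that arrive."""
    rng = random.Random(seed)
    edges = set()
    for _ in range(n_packets):
        pkt = edge_sample({"start": None, "end": None, "distance": 0}, path, p, rng)
        if pkt["start"] is not None:
            edges.add((pkt["start"], pkt["end"], pkt["distance"]))
    return edges


def reconstruct_path(edges):
    """Chain edges outward from the victim.  A genuine edge at distance k has
    start = router k+1 hops away and end = router k hops away (the victim
    itself at k = 0), so edge k must end where edge k-1 starts; anything that
    does not chain is ignored, which is what filters attacker-injected edges.
    Returns routers nearest-first; stops at the first gap or ambiguity."""
    by_dist = {}
    for start, end, dist in edges:
        by_dist.setdefault(dist, set()).add((start, end if dist > 0 else VICTIM))
    path, prev = [], VICTIM
    for dist in range(DIST_MAX + 1):
        nxt = {s for s, e in by_dist.get(dist, ()) if e == prev}
        if len(nxt) != 1:
            break
        prev = nxt.pop()
        path.append(prev)
    return path


def spoofed_arrival_distance(path, forged_distance, saturating=True):
    """Attacker injects a packet carrying a forged edge; the worst case for
    the victim is p = 0 (no router ever overwrites it).  Returns the distance
    the victim sees: with saturation it is at least len(path); without it the
    field can wrap to a small number and the forged edge looks near."""
    pkt = {"start": "FORGED_A", "end": "FORGED_B", "distance": forged_distance}
    edge_sample(pkt, path, 0.0, random.Random(0), saturating)
    return pkt["distance"]


if __name__ == "__main__":
    # Constructed path: R5 next to the attacker, R1 next to the victim.
    path = ["R5", "R4", "R3", "R2", "R1"]
    print(reconstruct_path(collect_edges(path, 0.5, 2000)))      # R1 .. R5
    print(spoofed_arrival_distance(path, 30))                    # 31 (saturated)
    print(spoofed_arrival_distance(path, 30, saturating=False))  # 3: looks 3 hops away
```

With p = 0.5 the edge at distance k arrives in about one packet in 2^(k+1), so a five-hop path needs far fewer packets than the single-field scheme; the chaining check in `reconstruct_path` is also why a forged edge that does not end at a real router is simply never used.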