{"title":"Detecting offensive routers: a straightforward approach","authors":"B.-T. Wang, H. Schulzrinne","doi":"10.1109/CCST.2003.1297604","DOIUrl":null,"url":null,"abstract":"Packet dropping attack (PDA) is a network attack that utilizes compromised network elements to degrade network performance or quality by intentionally dropping a certain amount of IP packets. The major distinction of the PDA from traditional denial-of service (DoS) attack is that some victims do not even discern that they are under attack. Offensive router detection (ORD) is a mechanism capable of detecting offensive routers that are performing the PDA. The ORD mechanism is based on the principle of conservation of flow in the network, and employs a new proposed ICMP message, Caddie message, which records packet forwarding information in the Caddie messages. Therefore, after analyzing the information, we can identify routers that are abnormally dropping packets. We show the advantages of the ORD mechanism over other existing network monitoring mechanisms and discusses storage and bandwidth overhead issues. We also demonstrate the advantages and the effectiveness of the approach by simulating the functionality of the ORD mechanism to detect four different packet-dropping patterns.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2003.1297604","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Packet dropping attack (PDA) is a network attack that utilizes compromised network elements to degrade network performance or quality by intentionally dropping a certain amount of IP packets. The major distinction of the PDA from traditional denial-of service (DoS) attack is that some victims do not even discern that they are under attack. Offensive router detection (ORD) is a mechanism capable of detecting offensive routers that are performing the PDA. The ORD mechanism is based on the principle of conservation of flow in the network, and employs a new proposed ICMP message, Caddie message, which records packet forwarding information in the Caddie messages. Therefore, after analyzing the information, we can identify routers that are abnormally dropping packets. We show the advantages of the ORD mechanism over other existing network monitoring mechanisms and discusses storage and bandwidth overhead issues. We also demonstrate the advantages and the effectiveness of the approach by simulating the functionality of the ORD mechanism to detect four different packet-dropping patterns.
丢包攻击(Packet drop attack, PDA)是一种利用受损的网元,故意丢弃一定数量的IP报文,从而降低网络性能或质量的网络攻击。PDA与传统的拒绝服务(DoS)攻击的主要区别在于,一些受害者甚至没有意识到他们正在受到攻击。攻击性路由器检测(ORD)是一种能够检测正在执行PDA的攻击性路由器的机制。ORD机制基于网络中流量守恒的原则,采用了一种新提出的ICMP报文——Caddie报文,在Caddie报文中记录报文的转发信息。因此,通过分析这些信息,我们可以识别出异常丢包的路由器。我们展示了ORD机制相对于其他现有网络监控机制的优势,并讨论了存储和带宽开销问题。我们还通过模拟ORD机制的功能来检测四种不同的数据包丢弃模式,从而证明了该方法的优点和有效性。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
