04/22/2001 ecs289K: Intention Driven iTrace. ecs298k Intention-Driven iTrace, lecture #6. Dr. S. Felix Wu, Computer Science Department, University of California,

Slide 1: ecs298k Intention-Driven iTrace, lecture #6
Dr. S. Felix Wu, Computer Science Department, University of California, Davis

Slide 2: A Statistical Problem with iTrace
- Routers closer to the victims have a higher probability of generating iTrace packets toward the true victims.
- Routers closer to the DDoS slaves might have a relatively small probability (smaller than the routers around the victims) of generating “useful” iTrace packets.

Slide 3: “Usefulness”
Let’s think??

Slide 4: Two answers
- It carries attack packets.
- It carries attack packets from a router that is very close to the original slaves.

Slide 5: Two measures
- P(U-iTrace)
  – When an iTrace message is generated, what is the probability that this iTrace message is “useful” (i.e., it carries an attack packet)?
- P(U-iT-sec)
  – What is the probability for a router to generate at least ONE “useful” iTrace message in a second?

Slide 6: Example: Multi-S Single-V
Path shown in the figure: Slave, R1, R2, Victim. Four measurement points, in the order given:

attack-pkt/sec   normal-pkt/sec   P(U-iTrace)   #iTrace/sec   P(U-iT-sec)
1K               19K              5%            1             5%
4K               196K             2%            10            18%
200K             200K             50%           20            %
980K             20K              98%           50            100%

Slide 7: Motivation
- About (K* 0.005%) of our network resources will be spent on iTrace packets.
- Then, we hope we can spend the resources on more “useful” iTrace packets.

Slide 8: Three Types of Nodes
- DDoS victim with the intention to trace the slaves.
- DDoS victim without the intention.
- Non-DDoS victims (assuming they do not have the intention as well -- and very likely they hope they won’t receive ones).

Slide 9: Intention-driven iTrace
- Different destination hosts, networks, domains/ASs have different “intention levels” in receiving iTrace packets.
  – We propose to add one “iTrace-intention” bit.
- Some of them might not care about iTrace, and some of them might not be under DDoS attacks, for example.

Slide 10: a little mathematics...
Traffic shares: S2V: 2%, S2B: 48%, S2C: 25%, S2D: 25%
Intention for receiving iTrace: I: 1, I: 0, I: 1
V’s probability to receive iTrace packets: 0.02 / ( ) = 7.41%

$$P_{iTrace}(V) = \frac{P_{traffic}(V) \cdot I(V)}{\sum_{n} P_{traffic}(n) \cdot I(n)}$$

Slide 11: Example: Multi-S Two-V
Path shown in the figure: Slave, R1, R2, Victim.
Traffic: 4K att-v1-pkt/sec, 50K att-v2-pkt/sec, 146K normal-pkt/sec

Victim-1: P(U-iTrace) = 2%, #iTrace/sec = 10, P(U-iT-sec) = 18%
  I(Victim-1) = 1: P(U-iTrace) = 7.4%, P(U-iT-sec) = 53.7%
Victim-2: P(U-iTrace) = 25%, #iTrace/sec = 10, P(U-iT-sec) = 95%
  I(Victim-2) = 1: P(U-iTrace) = 92.6%, P(U-iT-sec) = 100.0%

Slide 17: Issues
- How to determine the intention bit?
  – Policy to set the bit.
- How to distribute the intention bits to routers globally?
  – Utilize/extend BGP!
- How to use the intention bits at each router?

Slide 18: How to distribute I(n)?
- YABE: (Yet Another BGP Extension)
  – For every BGP route update, we include I(n) as a new string in the community attribute: 0x[iTrace-Intention]:0x[0-1] (optional & transitive)
  – These I(n) values will be forwarded or even aggregated by the routers who understand this new community attribute. Aggregation: I(new) = max {I(n)}
  – Rate-limiting on intention update: should not be more frequent than Keep-Alive messages; should not trigger any major route computation.

Slide 19: The iTrace Statistics Model
Figure labels: Packet buffering; Routing table lookup; Forward process; iTrace Stochastic Process.
iTrace Stochastic Process: Should this packet be iTraced? Yes, we should generate an iTrace for this packet?

Slide 20: iTrace Trigger
Figure labels: Packet buffering; Routing table lookup; Forward process; iTrace Stochastic Process; iTrace Trigger.
iTrace Trigger: Should we generate an iTrace message now? If yes, pick the Nth packet in the buffer….

Slide 21: A simple design
Figure labels: BGP table with I(n) and iTrace bit columns; iTrace Process (per ~20K pkts).
Add two bits to the routing table:
(1) I(n): Intention Bit Value associated with this entry.
(2) iTrace bit: whether we need to generate an iTrace message for this entry now.

Slide 22: Handling an iTrace Trigger
Figure labels: BGP table with I(n) and iTrace bit columns; iTrace Process.
- If all I(n)’s are zero, shut off the iTrace trigger process.
- Set the iTrace bit on all the entries with I(n) = 1.

Slides 23-24: [Figure: routing table of prefixes with I(n) and iTrace bit columns; the prefix entries and bit values did not survive extraction.]
Panels: (1) Before iTrace trigger. (2) After iTrace trigger. (3) After iTrace sent.

Slide 25: Processing Overhead
Processing for each data packet:
1. If the iTrace flag bit is 1,
   (1) send an iTrace message for this data packet.
   (2) reset all the iTrace bits to 0.
When the 1/20K iTrace message trigger occurs:
1. Set all the iTrace bits on if I(n) = 1.
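The two-bit routing table and trigger handling from the slides above, as a small simulation. This is an added example, not code from the lecture; the class and function names, the deterministic trigger counter and the shortened trigger period (200 packets instead of ~20K, to keep the run short) are assumptions.

```python
import random

class Router:
    """Routing table with the two extra bits per entry: I(n) and the iTrace bit."""

    def __init__(self, intention):
        # destination -> [I(n), iTrace bit]
        self.table = {dst: [i, 0] for dst, i in intention.items()}
        self.sent = []  # destination of every iTrace message generated

    def trigger(self):
        # iTrace trigger: set the iTrace bit on all entries with I(n) = 1.
        # If every I(n) is zero this leaves all bits at 0 (trigger shut off).
        for entry in self.table.values():
            entry[1] = entry[0]

    def forward(self, dst):
        # Per-packet work: test one bit; if set, iTrace this packet
        # and reset all the iTrace bits to 0.
        if self.table[dst][1]:
            self.sent.append(dst)
            for entry in self.table.values():
                entry[1] = 0


def simulate(intention, pkts_per_sec, packets, period, seed=1):
    """Forward `packets` packets drawn from the traffic mix; fire the
    trigger every `period` packets (deterministic here, an assumption)."""
    rng = random.Random(seed)
    router = Router(intention)
    dsts = list(pkts_per_sec)
    weights = [pkts_per_sec[d] for d in dsts]
    for n, dst in enumerate(rng.choices(dsts, weights=weights, k=packets), 1):
        if n % period == 0:
            router.trigger()
        router.forward(dst)
    return router.sent


# Constructed input: the Multi-S Two-V traffic mix from the slides.
MIX = {"victim-1": 4_000, "victim-2": 50_000, "normal": 146_000}
INTENT = {"victim-1": 1, "victim-2": 1, "normal": 0}

if __name__ == "__main__":
    sent = simulate(INTENT, MIX, packets=400_000, period=200)
    for dst in MIX:
        print(dst, round(sent.count(dst) / len(sent), 3))
```

The share of iTrace messages going to victim-1 settles near 4K / (4K + 50K), the intention-weighted formula, and no message is spent on traffic whose entry has I(n) = 0.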

Slide 26: The Aggregation Problem
Path shown in the figure: Slave, R1, R2, Victim.

Without aggregation:
Traffic: 4K att-v1-pkt/sec, 50K att-v2-pkt/sec, 146K normal-pkt/sec
P(U-iTrace) = 2%, #iTrace/sec = 10, P(U-iT-sec) = 18%
I(Victim-1) = 1: P(U-iTrace) = 7.4% for 4K traffic, P(U-iT-sec) = 53.7%

With aggregation:
Traffic: 4K att-v1-pkt/sec, 16K agg-v1-pkt/sec, 50K att-v2-pkt/sec, 130K normal-pkt/sec
P(U-iTrace) = 2%, #iTrace/sec = 10, P(U-iT-sec) = 18%
I(Victim-1) = 1: P(U-iTrace) = 5.7% for 20K traffic, P(U-iT-sec) = 44.4%
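The aggregation numbers above, worked through with the intention-weighted formula and the I(new) = max {I(n)} rule. This is an added example, not code from the lecture; the function names are hypothetical, and it assumes the 16K "agg-v1" packets go to destinations with I = 0 that share Victim-1's aggregate.

```python
def aggregate(entries):
    """BGP-style aggregation of (pkts_per_sec, I) entries into one entry:
    the traffic adds up and I(new) = max{I(n)}."""
    return (sum(rate for rate, _ in entries), max(i for _, i in entries))


def p_useful(attack_rate, table):
    """P(U-iTrace): the attack traffic's share of the intention-weighted
    traffic. `table` lists (pkts_per_sec, I(n)) for every routing entry."""
    weighted = sum(rate * i for rate, i in table)
    return attack_rate / weighted if weighted else 0.0


def p_useful_per_sec(p, itrace_per_sec):
    """P(U-iT-sec): at least one useful iTrace among those sent in a second."""
    return 1 - (1 - p) ** itrace_per_sec


def aggregation_example():
    """Return P(U-iTrace) for Victim-1 before and after aggregation."""
    v1, v2 = (4_000, 1), (50_000, 1)
    before = p_useful(4_000, [v1, v2, (146_000, 0)])
    # Assumption: the 16K packets are for neighbours of Victim-1 with I = 0;
    # once merged, the whole 20K aggregate inherits I = 1.
    merged = aggregate([v1, (16_000, 0)])
    after = p_useful(4_000, [merged, v2, (130_000, 0)])
    return before, after


if __name__ == "__main__":
    for label, p in zip(("before", "after"), aggregation_example()):
        print(label, round(p, 3), round(p_useful_per_sec(p, 10), 3))
```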

Slide 27: Summary for Intention iTrace
- Improve the probability of “useful” iTrace.
- Require some “minor” changes to the router forwarding process.
- Require another BGP extension.
  – We need to verify that this extension will interoperate well with existing BGP nodes.
- The amount of generated iTrace messages should be no more than the current iTrace proposal.