摘要: Finding the source of forged Internet Protocol (IP) datagrams in a large, high-speed network is difficult due to design IP protocol and lack sufficient capability most high-speed, high-capacity router implementations. Typically, not enough routers such are capable performing packet forwarding diagnostics required for this. As result, tracking-down flood-type denial-of-service (DoS) attack usually or impossible these networks. CenterTrack an overlay network, consisting tunnels other connections, that used selectively reroute interesting directly from edge special tracking routers. The routers, associated sniffers, can easily determine ingress by observing which tunnel arrive. be examined, then dropped forwarded appropriate egress point. This system simplifies work adjacency flood while bypassing any equipment may incapable necessary diagnostic functions.
jhu.edu 参考文章(15)
J. Apisdorf, OC3MON: Flexible,Affordable,High-Performance Statistics Collection Proc. INET '97. ,(1997)
Christian Huitema, Routing in the Internet ,(1995)
Steven Bellovin, Marcus Leech, Tom Taylor, ICMP Traceback Messages Internet Draft: draft-bellovin-itrace-00. txt. ,(2003) , 10.7916/D8FF406R
R. W. Callon, Use of OSI IS-IS for routing in TCP/IP and dual environments RFC 1195. ,vol. 1195, pp. 1- 85 ,(1990)
N. Brownlee, G. Ruth, C. Mills, Traffic Flow Measurement: Architecture RFC. ,vol. 2063, pp. 1- 37 ,(1999)
D. Senie, P. Ferguson, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing RFC 2827-BCP 38. ,vol. 2267, pp. 1- 10 ,(1998)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson, Practical network support for IP traceback acm special interest group on data communication. ,vol. 30, pp. 295- 306 ,(2000) , 10.1145/347057.347560
Hal Burch, None, Tracing Anonymous Packets to Their Approximate Source usenix large installation systems administration conference. pp. 319- 328 ,(2000)
D. Farinacci, S. Hanks, T. Li, P. Traina, D. Meyer, Generic Routing Encapsulation (GRE) RFC 2784. ,vol. 1701, pp. 1- 8 ,(2000)
Bassam Halabi, Internet Routing Architectures ,(1997)