Escola de Engenharia / COPPE / Universidade Federal do Rio de Janeiro

IP Traceback

The current Internet routing infrastructure is vulnerable to anonymous denial-of-service (DoS) attacks. These attacks are generally conducted by sending packets to the victim at a higher rate than they can be served, so that legitimate service requests are denied. Recently, the number of attacks against well-known websites has been alarming, and the results are financially devastating. One defense strategy is to trace attack packets back to their actual source in order to hold the attacker accountable and isolate him from the network. To date, the proposed traceback systems require either large amounts of storage space on router-connected devices or a sufficient number of received attack packets.

GTA/UFRJ has developed a system capable of determining the source of every packet received by the victim without storing state in the network infrastructure. The proposed traceback system is based on the packet-marking approach to avoid state storage at routers. A Bloom Filter is employed to reduce the amount of information inserted into the packet. In addition, the use of a Generalized Bloom Filter prevents "signature" forgery by the attacker and therefore backtracing failures. Experimental results show that the system can trace the real source of a single IP packet in less than one second without any storage in the network infrastructure. Recent research has aimed at developing even more robust marking structures. The result is the so-called Concatenated Bloom Filter, which can provide robustness even against interference from smart attackers, without the limitation of legitimate information loss.
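The following sketch is an added example, not GTA's implementation. It shows why a plain Bloom filter carried in the packet gives a useless trace when the sender pre-sets every bit, and why a Generalized Bloom Filter, in which some hash functions reset bits and others set them, does not. The filter size, the hash counts, the salted SHA-256 hashing, the "reset wins on collision" rule and all addresses are assumptions chosen for illustration.

```python
import hashlib

M = 128  # filter size in bits (assumed; the page gives no parameters)

def positions(item, salt, k):
    """k bit positions for item from salted SHA-256 (an assumed hash choice)."""
    return {int.from_bytes(hashlib.sha256(f"{salt}{i}:{item}".encode()).digest()[:4],
                           "big") % M for i in range(k)}

class BloomMark:
    """Plain Bloom filter carried in the packet: routers only set bits."""
    def __init__(self, bits=0, k=2):
        self.bits, self.k = bits, k
    def mark(self, router):
        for p in positions(router, "h", self.k):
            self.bits |= 1 << p
    def on_path(self, router):
        return all(self.bits >> p & 1 for p in positions(router, "h", self.k))

class GeneralizedBloomMark(BloomMark):
    """Generalized Bloom filter: k0 hashes reset bits, k1 hashes set bits."""
    def __init__(self, bits=0, k0=2, k1=2):
        super().__init__(bits, k1)
        self.k0 = k0
    def _split(self, router):
        zero = positions(router, "g", self.k0)
        return zero, positions(router, "h", self.k) - zero  # collision: reset wins
    def mark(self, router):
        zero, one = self._split(router)
        for p in one:
            self.bits |= 1 << p
        for p in zero:
            self.bits &= ~(1 << p)
    def on_path(self, router):
        zero, one = self._split(router)
        return (all(self.bits >> p & 1 for p in one)
                and not any(self.bits >> p & 1 for p in zero))

def forged_trace(filter_cls, path, candidates):
    """Sender pre-sets every bit, path routers mark, victim tests candidates."""
    f = filter_cls(bits=(1 << M) - 1)
    for r in path:
        f.mark(r)
    return [c for c in candidates if f.on_path(c)]

PATH = ["10.0.0.1", "10.0.1.1", "10.0.2.1"]        # constructed router addresses
OFF_PATH = [f"192.0.2.{i}" for i in range(1, 21)]  # constructed, not on the path

if __name__ == "__main__":
    for cls in (BloomMark, GeneralizedBloomMark):
        print(cls.__name__, len(forged_trace(cls, PATH, OFF_PATH)), "of", len(OFF_PATH))
```

With the plain filter every off-path address tests as on the path. In the generalized filter a later router can still overwrite an earlier router's bits, so false negatives remain possible and only the last hop is guaranteed to verify.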

Selected Publications

  • Laufer, R. P., Moraes, I. M., Velloso, P. B., Bicudo, M. D. D., Campista, M. E. M., Cunha, D. O., Costa, L. H. M. K., Duarte, O. C. M. B. - "Negação de Serviço: Ataques e Contramedidas", in Minicursos do Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais - SBSeg'2005. Florianópolis, Brazil, pp. 1-63, September 2005 (GTA-05-48).

  • Laufer, R. P., Velloso, P. B., Cunha, D. O., Moraes, I. M., Bicudo, M. D. D., Moreira, M. D. D., and Duarte, O. C. M. B. - "Towards Stateless Single-Packet IP Traceback", in 32nd IEEE Conference on Local Computer Networks - LCN'2007, pp. 458-555, Dublin, Ireland, October 2007 (GTA-06-38).

  • Moreira, M. D. D., Laufer, R. P., Velloso, P. B., and Duarte, O. C. M. B. - "Uma Proposta de Marcação de Pacotes para Rastreamento Robusto a Ataques", in Anais do Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais - SBSeg'2007, Rio de Janeiro, RJ, Brazil, August 2007 (GTA-07-14).