Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EUROSEC
2008
ACM
2008
ACM
Logging based IP Traceback in switched ethernets
IP Traceback systems facilitate tracing of IP packets back to their origin, despite possibly forged or overwritten source address data. A common shortcoming of existing proposals is that they identify source network, but not the source host. Our work extends the traceback process to allow tracing of (switched) Ethernet frames. We build on SPIE (which operates at IP routers) to design and implement `switch-SPIE'. Traffic logging is deployed in a `switch-DGA' tap-box at each switch. The (switched) Ethernet traffic visibility issue is resolved with port mirroring, and the MAC address table establishes causality between source MAC address and source switch port. Our solution works for any network topology, as opposed to earlier layer 2 extensions to IP Traceback. We provide an implementation and experimental evaluation to establish the efficacy of our approach, with respect to processing overhead and memory use.
Real-time TrafficEUROSEC 2008 | IP Traceback | IP Traceback Systems | Overwritten Source Address | Security Privacy |
Related Content
| Added | 19 Oct 2010 |
| Updated | 19 Oct 2010 |
| Type | Conference |
| Year | 2008 |
| Where | EUROSEC |
| Authors | Marios S. Andreou, Aad P. A. van Moorsel |
Comments (0)
Researcher Info
|
