A New IP Packet Traceback System against Denial-of-Service Attacks

Rafael Pinaud Laufer, Pedro Velloso, Otto Carlos Muniz Bandeira Duarte

In most denial-of-service attacks, packets with spoofed source addresses are employed in order to disguise the attack's true origin. A defense strategy is to trace back the source of every attack packet for the sake of penalizing the attacker or isolating him from the network. To date, the proposed traceback systems require either large amounts of storage space on routers or a sufficient number of received attack packets. In this paper, a new IP traceback system is proposed to determine the source of every packet received by the victim without storing state in the network infrastructure. For practical purposes, a generalization of the Bloom-filter theory is deployed and a corresponding mathematical evaluation is performed. Analytical results are presented to show the efficacy of the proposed system.

