Tracking and Tracing

100 %
0 %
Information about Tracking and Tracing

Published on October 7, 2007

Author: Jancis


Tracking and Tracing Cyber-Attacks:  Tracking and Tracing Cyber-Attacks Howard F. Lipson, Ph.D. CERT® Coordination Center Outline:  Outline Problem with Internet Security Shortfalls in the Current Internet Environment Near-Term Solutions Long-Term Solutions Next-Generation Internet Protocol Problem with Internet Security (1):  Problem with Internet Security (1) Problem with Internet Security (2):  Problem with Internet Security (2) Shortfalls in the Current Internet Environment (1):  Shortfalls in the Current Internet Environment (1) The Internet was never designed for tracking and tracing user behavior. Functionality and performance are focused. The Internet was not designed to resist highly untrustworthy users. Only external attack is considered. A packet’s source address is untrustworthy, which severely hinders tracking IP-spoofed and intermediate nodes techniques are used. Shortfalls in the Current Internet Environment (2):  Shortfalls in the Current Internet Environment (2) The current threat environment far exceeds the Internet’s design parameters. There are more high-stake Internet applications. The expertise of the average system administrator continues to decline. Attacks often cross multiple administrative, jurisdictional, and national boundaries. Shortfalls in the Current Internet Environment (3):  Shortfalls in the Current Internet Environment (3) High-speed traffic hinders tracking. Tunnels impede tracking. Hackers destroy logs and other audit data. Anonymizers protect privacy by impeding tracking The ability to link specific users to specific IP addresses is being lost. Purely defensive approaches will fail, so deterrence through tracking and tracing is crucial. Near-Term Solutions (1) Hop-by-Hop IP Traceback:  Near-Term Solutions (1) Hop-by-Hop IP Traceback Labor-intensive For tracing large packet flows with spoofed source addresses DDoS attacks are extremely difficult to trace via this process Near-Term Solutions (2) CenterTrack:  Near-Term Solutions (2) CenterTrack Optimizing the Hop-by-Hop IP traceback Steps Create an overlay network (IP tunneling) In the event of a DoS attacks, the ISP diverts the flow of attack packets from the existing ISP network onto overlay tracking network The attack packets can now be easily traced back, hop-by-hop, through the overlay network Near-Term Solutions (3) Ingress Filtering or Egress Filtering:  Near-Term Solutions (3) Ingress Filtering or Egress Filtering Network Ingress Filtering Discard all packets that contain source IP addresses that do not match the valid range of the customer’s known IP addresses. Network egress Filtering Corporate network administrator IETF Internet Best current Practices for the Internet Community Near-Term Solutions (4) Backscatter Traceback:  Near-Term Solutions (4) Backscatter Traceback Steps The attack is reported to an ISP The ISP configures all its router to reject all packets destined for the victim Rejected packets are “returned to sender” The ISP configures all of its router to blackhole many of the ICMP error packet with illegitimate destination IP address Analysis by the blackhole machine quickly traces the attack to one or more routers at the outermost boundary of the ISP’s network The ISP removes the filter blocking the victim’s IP address from all router except those serving as the entry points for the DDoS attack The ISP asks neighboring ISPs, upstream of the attack, to continue the trace Near-Term Solutions (5) Probabilistic Approaches:  Near-Term Solutions (5) Probabilistic Approaches ICMP Traceback ICMP traceback message Probabilistic Packet Marking IP header Near-Term Solutions (6) Single-Packet IP Traceback:  Near-Term Solutions (6) Single-Packet IP Traceback In theory Keeping a log at each router in the Internet Tamper-proof Fully-authenticated Technical infeasibility Storage Privacy Hash-Based IP Traceback Packet digests Reduce storage requirement to 0.5% of the link capacity per unit of time and help privacy Issues Computational resources Transformation information (Fragmentation, tunneling) corresponding to the packet digests is store in a transformation lookup table Long-Term Solutions (1) Issues of Next-Generation Internet Protocol:  Long-Term Solutions (1) Issues of Next-Generation Internet Protocol Next-generation Internet protocols will be required to deal with trust not on a binary basis. Entry-point anonymity refer the in ability to link an Internet IP address to any human actor or organization. Can next-generation protocols be designed so as to increase the cost to the attacker and decrease the cost to the defender? Supporting vigilant resource consumption. Supporting marketplace negotiation of trust versus privacy trade-offs (trust broker). Next-generation Internet protocols must allow for variable levels of trust under various attack states (situation-sensitive). Sufficient header space for tracking information. Long-Term Solutions (2) Emerging Next-Generation Security Protocols:  Long-Term Solutions (2) Emerging Next-Generation Security Protocols Internet Protocol Security (IPSec) Characteristics AH (Authentication Header) ESP (Encapsulating Security Payload) IKE (Internet Key Exchange) Shortfalls Vigilant resource consumption Fine-grained authentication of trust Situation-sensitive Internet Protocol Version 6 (IPv6) Characteristics IP address is 128 bits long. IPSec built in. Flexible header structure Address space is enormous

Add a comment

Related presentations

Related pages

Sendungsverfolgung – Wikipedia

Sendungsverfolgung (engl. track and trace oder tracking and tracing = Verfolgung und Rückverfolgung) ist ein System, mit dem der Status einer Lieferung ...
Read more

Tracking – Wikipedia

Tracking (dt. für den statischen [retrospektiven] Anwendungsfall gleichbedeutend mit Spurbildung, für den dynamischen Anwendungsfall [mitlaufend, online ...
Read more


track-trace. share. Twitter; Facebook; Google+; contact. Home; my track-trace; Air cargo; ... Send us a message, provide the link to their tracking page if ...
Read more

Container tracking - track-trace

The container tracking page lets you track containers for 122 companies. A track-trace service.
Read more

UPS: Tracking Information

Use your UPS InfoNotice or tracking number to get updates on your delivery or sign up for UPS My Choice for even more convenient services.
Read more

Tracking, Track Parcels, Packages, Shipments - DHL Express

DHL Express tracking - track a parcel, track a package, track shipments and check shipment delivery status online. Track parcels and packages now.
Read more

Tracking and Tracing - Logistik Info

Das Tracking and Tracing (kurz Track and Trace) erfährt seit Jahren steigende Beliebtheit und kann wohl schon bald als Standardanwendung im Bereich der ...
Read more


17TRACK is the most powerful and inclusive package tracking platform. It enables to track over 170+ postal carriers for registered mail, parcel, EMS and ...
Read more

MSC: Global Container Shipping Company

MSC is a world leader in global container shipping and a company that prides itself on offering global service with local knowledge.
Read more

DHL Sendungsverfolgung

Mit der DHL Sendungsverfolgung behalten Sie Ihre Sendung immer im Blick und können jederzeit den Status Ihrer Sendungen einsehen und den voraussichtlichen ...
Read more