Vulnerabilities in distance-indexed IP traceback schemes Online publication date: Fri, 16-Mar-2007
by Jianping Pan, Lin Cai, Xuemin Sherman Shen
International Journal of Security and Networks (IJSN), Vol. 2, No. 1/2, 2007
Abstract: In order to counter Denial-of-Service (DoS) attacks using spoofed source addresses, many IP traceback schemes have been proposed in the last few years. Among them, distance-indexed probabilistic packet marking schemes appear to be very attractive. In this paper, we first discover two intrinsic vulnerabilities in these schemes. Substantiated by efficacy analysis and numerical results, several exploits are designed to take advantage of these vulnerabilities in an efficient manner when compared with the traceback effort attempted by victims. Consequently, we show that the design goal of these schemes can be compromised in practice. Further, we discuss these vulnerabilities in a general context relevant to network protocols and examine a few possible alternatives.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Security and Networks (IJSN):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook