標題: 於IP-based網路利用識別碼進行封包標記與路徑回溯追蹤之研究與實作
Study and Implementation of Identification-based Packet Marking and Route Traceback in IP-based Networks
作者: 黃民翰
Huang, Tim Hann
趙禧綠
Chao, Hsi-Lu
資訊科學與工程研究所
關鍵字: 網路安全;偽造網路位址;封包標記;路徑回溯追蹤;Network Security;IP Spoofing;Packet Marking;Route Traceback
公開日期: 2008
摘要: 隨著網路技術的發展,網路安全的議題逐漸受到重視。許多攻擊者在網路上使用□裝的來源位址進行封包傳遞,隱藏自己的位置,以致現今路徑回溯追蹤方法,無法找到正確的攻擊來源位址。現今路徑回溯追蹤的方法是利用所收到的封包,取得封包內的來源位址,向來源位址發送封包,所經過的路由器會回傳本身位址資訊,達到路徑回溯追蹤。當來源位址是偽造時,往回發送的封包,傳送的路徑並非攻擊封包使用的傳送路徑,因此追蹤出錯誤的路徑。封包標記是路徑回溯中重要的一環,在封包的傳遞過程中,經過擁有封包標記的主機,受害者收集這些標記的內容,去追蹤出正確的路徑。本篇論文提出一個簡單的封包標記與標記記錄追蹤的方法,在□裝來源位址的情況下,依然能夠正確追蹤出傳送的來源,對於即時性與非即時性的追蹤都可達成。這個方法需要使用到IP Option的欄位,標記方式是將設定的識別碼加入IP Option的欄位,並將經過的每一個標記主機記錄下來,最後再使用這些標記資訊,進行路徑的查詢,以找出攻擊者的位置,達到路徑追蹤的效果。
Along with the development of Internet, network security becomes important. Many attackers spoofed the source address of the packets in the internet. The method of traceback would not trace the true path of source which is spoofed. The method of traceback used the source address of the packet and sent the packet to the source address. The router along the path will return the IP address of itself. The victim can used these messages to rebuild the path. But the source address is spoofed so that the trace path is wrong. According to this reason, packet marking used to get the accurate trace path. The packets across the marking machine were marked by marking procedure. The victim could collect or gather the marking information to trace the accurate paths. This paper describes a simple method of packet marking for IP traceback. The packets with spoofing address could be traced the accurate paths by marking information. The Identification-based Packet Marking (IPM) for Real-Time/Non-Real-Time is effective to trace route. The IPM marks identifiers to the IP Option field and los the marking information. Afterwards, we could find the path of packet’s transmission by analyzing the marking information.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT079655535
http://hdl.handle.net/11536/43340
Appears in Collections:Thesis


Files in This Item:

  1. 553501.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.