Browse by author
Lookup NU author(s): Marios Andreou, Professor Aad van Moorsel
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
IP Traceback systems facilitate tracing of IP packets back to their origin, despite possibly forged or overwritten source address data. A common shortcoming of existing proposals is that they identify source network, but not the source host. Our work extends the traceback process to allow tracing of (switched) Ethernet frames. We build on SPIE (which operates at IP routers) to design and implement `switch-SPIE'. Traffic logging is deployed in a `switch-DGA' tap-box at each switch. The (switched) Ethernet traffic visibility issue is resolved with port mirroring, and the MAC address table establishes causality between source MAC address and source switch port. Our solution works for any network topology, as opposed to earlier layer 2 extensions to IP Traceback. We provide an implementation and experimental evaluation to establish the efficacy of our approach, with respect to processing overhead and memory use.
Author(s): Andreou MS, van Moorsel A
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: Proceedings of the first European Workshop on System Security (EUROSEC)
Year of Conference: 2008
Pages: 1-7
Publisher: ACM
Notes: Affiliated with EuroSys 2008. Proceedings on CD-ROM.