Using Topology Data for Origin Identification
Spoofed traffic is one of the Internet’s major problems—or, at the very least, one of its more annoying woes. Blindly spoofed packets with bogus or specially chosen but deceptive source addresses can be used to abuse trust relationships between computers, inject malicious contents (such as unsolicited bulk mailings) without leaving conclusive traces and legitimate origin information, and so forth. Blind spoofing can also be used to hide the identity of an attacker conducting system probes (“decoy scanning” discussed earlier in Chapter 13). The worst plague of all is, however, spoofing used to carry out Denial of Service (DoS) attacks.
In a typical DoS attack, the administrator is given a chance to see ...
Get Silence on the Wire now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.