• Title/Summary/Keyword: traceback server

Search Result 10, Processing Time 0.023 seconds

Design and Implementation of a Traceback System based on a Traceback Agent (역추적 에이전트를 이용한 역추적 시스템 설계 및 구현)

  • Jeong, Jong-Min;Lee, Ji-Yul;Lee, Goo-Yeon
    • Journal of Industrial Technology
    • /
    • v.22 no.B
    • /
    • pp.147-153
    • /
    • 2002
  • It is very important to detect and remove original sources of DOS (Denial of Service) attacks or connection oriented/connectionless attacks. In this paper, we implement a traceback system that does not require the reaction of routers and administrators and does not need log data. We bring in a traceback server and traceback agents in each network and use sniffing and spoofing schemes. Finally, the traceback server detects attacking hosts using information transmitted from traceback agents.

  • PDF

Design and Implementation of a Traceback System based on Multi-Agents (다중 에이전트를 이용한 역추적 시스템 설계 및 구현)

  • 정종민;이지율;이구연
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.4
    • /
    • pp.3-11
    • /
    • 2003
  • It is very important to detect and remove original sources of various attacks through networks. One of the effective method to detect the sources is traceback systems. In this paper, we design and implement an agent-based traceback system that does not require the reaction of routers and administrators and does not need numerous log data. In the design, we introduce a traceback server and traceback agents in each network Using sniffing and spoofing, the server transmits a packet with a specific message. The agents detect the packet and provide the information for the server to trace back the original source.

Development of Traceback System Using IDS Module (침입탐지 모듈을 이용한 역추적시스템 개발)

  • 김선영;구향옥;서동일;오창석
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2003.05a
    • /
    • pp.227-230
    • /
    • 2003
  • A system connected in Internet can be intruded by cracker via several systems. This paper proposes an efficient traceback model in order to trace a route of crackers. The traceback system is composed of a traceback server model and a traceback client model, As transmitting intrusion information from an area where client agent is installed to traceback server, the system distinguishes which systems are used as intrusion route. The traceback system can retrace intrusion route efficiently in an area where a traceback client is installed.

  • PDF

A Precursor Phenomena Analysis of APT Hacking Attack and IP Traceback (APT 해킹 공격에 대한 전조현상 분석 및 IP역추적)

  • Noh, Jung Ho;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2013.05a
    • /
    • pp.275-278
    • /
    • 2013
  • Log is a file system, a system that uses all remaining data. Want situation now being issued in the IT, media Nate on information disclosure, the press agency server hack by numbness crime occurred. Hacking crisis that's going through this log analysis software professionally for professional analysis is needed. The present study, about APT attacks happening intelligently Log In case of more than traceback in advance to prevent the technology to analyze the pattern for log analysis techniques.

  • PDF

An Attack Origin Traceback Mechanism using ICMP Message on Ad-hoc Network (Ad-hoc 네트워크에서 ICMP메시지를 이용한 공격 근원지 역추적 기법)

  • Jeong, Gi Seog
    • Convergence Security Journal
    • /
    • v.13 no.3
    • /
    • pp.47-54
    • /
    • 2013
  • Ad-hoc network is composed of mobile nodes and has a vulnerability of attack like on conventional wire networks. So, many studies have been conducted to apply the traceback mechanism on wire network to Ad-hoc network. In this paper, a new mechanism that can trace back to IP source of spoofing DDoS packet using iTrace message on Ad-hoc network is proposed. The proposed mechanism implements ICMP Traceback message and the traceback path between agents allocated in local network and a server located in management network. Also the proposed mechanism can trace the position of attacker even after an attack is over and has extendability through standardization by using a mechanism that IETF proposed. Result of performance evaluation shows a great improvement in terms of load, integrity, safety, traceback function as compared with conventional mechanisms.

A Study on Real IP Traceback and Forensic Data Generation against Bypass Attack (우회적인 공격에 대한 실제 IP 역추적 실시와 포렌식 자료 생성)

  • Youn, Byung-Sun;Yang, Hae-Sool;Kim, Dong-Jhoon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.13 no.1
    • /
    • pp.143-151
    • /
    • 2008
  • Execute IP traceback at this paper as target an intruder's attacking that Bypass Attack in order to avoid an exposure of own Real IP address Design IP traceback server and agent module, and install in Internet network system for Real IP traceback. Set up detection and chase range aggressive loop around connection arbitrariness, and attack in practice, and generate Real IP data cut off by fatal attacks after data and intrusion detection accessed general IP, and store to DB. Generate the Forensic data which Real IP confirms substance by Whois service, and ensured integrity and the reliability that buy to early legal proof data, and was devoted to of an invader Present the cyber criminal preventive effect that is dysfunction of Ubiquitous Information Society and an effective Real IP traceback system, and ensure a Forensic data generation basis regarding a judge's robe penalty through this paper study.

  • PDF

An Improved Model Design for Traceback Analysis Time Based on Euclidean Distance to IP Spoofing Attack (IP 스푸핑 공격 발생 시 유클리드 거리 기반의 트레이스 백 분석시간 개선 모델)

  • Liu, Yang;Baek, Hyun Chul;Park, Jae Heung;Kim, Sang Bok
    • Convergence Security Journal
    • /
    • v.17 no.5
    • /
    • pp.11-18
    • /
    • 2017
  • Now the ways in which information is exchanged by computers are changing, a variety of this information exchange method also requires corresponding change of responding to an illegal attack. Among these illegal attacks, the IP spoofing attack refers to the attack whose process are accompanied by DDoS attack and resource exhaustion attack. The way to detect an IP spoofing attack is by using traceback information. The basic traceback information analysis method is implemented by comparing and analyzing the normal router information from client with routing information existing in routing path on the server. There fore, Such an attack detection method use all routing IP information on the path in a sequential comparison. It's difficulty to responding with rapidly changing attacks in time. In this paper, all IP addresses on the path to compute in a coordinate manner. Based on this, it was possible to analyze the traceback information to improve the number of traceback required for attack detection.

A Study of IP Spoofing Attack and Defense Through Proxy Server (Proxy Server를 통한 IP Spoofing 공격과 방어 연구)

  • Lee, Bo-Man;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2010.05a
    • /
    • pp.281-284
    • /
    • 2010
  • The characteristics of International Hacking is that because even if with tracing techniques, nobody can find Real IP address of the attacker so it is true that Great difficulty in the investigation. so that an attacker goes through the Proxy Server Many times and they use techniques of IP Spoofing to hide their IP address. In this paper, study How attackers use IP Spoofing Technique and the application of Proxy Server. In addition, to Propose IP Spoofing attacks through the Proxy Server attack and defend methods also IP traceback methods so this study materials will contribute to the development of International Hacking and Security Protection Technology.

  • PDF

A Traceback-Based Authentication Model for Active Phishing Site Detection for Service Users (서비스 사용자의 능동적 피싱 사이트 탐지를 위한 트레이스 백 기반 인증 모델)

  • Baek Yong Jin;Kim Hyun Ju
    • Convergence Security Journal
    • /
    • v.23 no.1
    • /
    • pp.19-25
    • /
    • 2023
  • The current network environment provides a real-time interactive service from an initial one-way information prov ision service. Depending on the form of web-based information sharing, it is possible to provide various knowledge a nd services between users. However, in this web-based real-time information sharing environment, cases of damage by illegal attackers who exploit network vulnerabilities are increasing rapidly. In particular, for attackers who attempt a phishing attack, a link to the corresponding web page is induced after actively generating a forged web page to a user who needs a specific web page service. In this paper, we analyze whether users directly and actively forge a sp ecific site rather than a passive server-based detection method. For this purpose, it is possible to prevent leakage of important personal information of general users by detecting a disguised webpage of an attacker who induces illegal webpage access using traceback information

A Study on Traceback by WAS Bypass Access Query Information of DataBase (DBMS WAS 우회접속의 쿼리정보 역추적 연구)

  • Baek, Jong-Il;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information
    • /
    • v.14 no.12
    • /
    • pp.181-190
    • /
    • 2009
  • DBMS access that used high speed internet web service through WAS is increasing. Need application of DB security technology for 3-Tier about DBMS by unspecified majority and access about roundabout way connection and competence control. If do roundabout way connection to DBMS through WAS, DBMS server stores WAS's information that is user who do not store roundabout way connection user's IP information, and connects to verge system. To DBMS in this investigation roundabout way connection through WAS do curie information that know chasing station security thanks recording and Forensic data study. Store session about user and query information that do login through web constructing MetaDB in communication route, and to DBMS server log storing done query information time stamp query because do comparison mapping actuality user discriminate. Apply making Rule after Pattern analysis receiving log by elevation method of security authoritativeness, and develop Module and keep in the data storing place through collection and compression of information. Kept information can minimize false positives of station chase through control of analysis and policy base administration module that utilize intelligence style DBMS security client.