Attacker Tracking Technologies
Abstract
It is generally known that automatic traceback of hacking on the Internet is very difficult because of the anonymity of the Internet and because attackers re-attack via several intermediate hosts. So, until now, the most common approach has been traceback by log analysis performed by an expert.
There are two kinds of traceback. First, IP packet traceback, which is used to find the real location of a hacker who sends packets carrying a spoofed IP address. Second, connection chain traceback, which is used to find the real location of a hacker who attacks the victim via several other hosts. In particular, IP packet traceback is used to find a hacker attacking with a DDoS attack scheme.
There are several traceback techniques for these two types of traceback. In this class we introduce traceback techniques
- using forensic analysis of basic logs,
- with counter-attacking,
- with CIS,
- with IP traceback, and
- some other techniques to reconstruct the connection chain (contents comparison, time comparison, and comparison of the increment ratio of sequence numbers).
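To illustrate the last item, here is an added example (not from the lecture or from ETRI) of connection-chain reconstruction on a relay host: it pairs an inbound connection with the outbound connection that carries the same traffic by comparing the increments of the TCP sequence number (bytes sent per interval) together with a time-ordering check. The flow samples, addresses, thresholds and the "first increment within the delay window" matching rule are all assumptions chosen for the illustration.

```python
"""Stepping-stone correlation by sequence-number increment ratio and timing.

Illustrative only: the flows below are constructed samples of
(time in seconds, TCP sequence number observed) for one inbound and two
outbound connections on a suspected relay host.
"""
from typing import Dict, List, Optional, Tuple

Sample = Tuple[float, int]

# Constructed data: the inbound flow, a relayed copy of it (same byte
# increments, delayed ~0.2 s by the relay) and an unrelated outbound flow.
FLOWS: Dict[str, List[Sample]] = {
    "in:203.0.113.5->relay":  [(0.0, 1000), (1.0, 1064), (2.0, 1072), (3.0, 1272), (4.0, 1280)],
    "out:relay->192.0.2.10":  [(0.2, 5000), (1.2, 5064), (2.2, 5072), (3.2, 5272), (4.2, 5280)],
    "out:relay->192.0.2.20":  [(0.1, 9000), (1.1, 9500), (2.1, 9600), (3.1, 9650), (4.1, 10100)],
}


def increments(samples: List[Sample]) -> List[Tuple[float, int]]:
    """Bytes sent between consecutive samples, tagged with the later time."""
    return [(t1, s1 - s0) for (t0, s0), (t1, s1) in zip(samples, samples[1:])]


def increment_ratio_score(inbound: List[Sample], outbound: List[Sample],
                          max_delay: float = 1.0) -> float:
    """Score in [0, 1]: how closely the outbound byte increments mirror the
    inbound ones. Each inbound increment is matched to the first outbound
    increment seen within max_delay after it; the pair contributes
    min/max of the two increments, and unmatched steps contribute 0."""
    ins, outs = increments(inbound), increments(outbound)
    total = 0.0
    for t_in, d_in in ins:
        later = [d for t, d in outs if 0 <= t - t_in <= max_delay]
        if later and d_in > 0 and later[0] > 0:
            total += min(d_in, later[0]) / max(d_in, later[0])
    return total / len(ins) if ins else 0.0


def next_hop(flows: Dict[str, List[Sample]], inbound_key: str,
             threshold: float = 0.8) -> Optional[Tuple[str, float]]:
    """Return the outbound flow that best mirrors the inbound one (and its
    score), or None when no outbound flow passes the threshold."""
    inbound = flows[inbound_key]
    scored = {k: increment_ratio_score(inbound, v)
              for k, v in flows.items() if k.startswith("out:")}
    if not scored:
        return None
    best = max(scored, key=scored.get)
    return (best, round(scored[best], 3)) if scored[best] >= threshold else None
```

Run it and `next_hop(FLOWS, "in:203.0.113.5->relay")` names the relayed flow with a score of 1.0, while the unrelated flow scores well below the threshold.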
By:
Mr. Dong-Il Seo
ETRI, KOREA
E-mail: bluesea@etri.re.kr
Tel: +82-42-860-3814