"wacky govt project"

Dave Aitel referenced an interesting government project I hadn't heard about until reading a posting by him on dailydave. The project: http://cryptome.org/traceback.htm. To spark your interest, I grabbed some snippets:

  • "We seek to develop tools and techniques for the traceback of attacks carried out over information networks to their originating source."

  • "We are soliciting research that will significantly improve the science and practice of network traceback, and are seeking tools and techniques to increase our knowledge of the true source of an attack. We are seeking solutions for both IPv4 and IPv6 networks. We are particularly interested in tracing attacks involving confidentiality and integrity of information on IC networks. Therefore techniques designed for tracing anonymous packet flooding attacks causing denial-of-service (DDOS and DOS) in IC networks back to their source are not of interest."

  • "We are focused on tools and techniques for tracing attacks that involve single packets, encrypted payloads, "stepping stones" (compromised hosts), and similar attack attributes. We are seeking traceback solutions that perform in one or more of the following network environments: cooperative, non-cooperative, and hostile. Solutions for the non-cooperative and hostile network scenarios are of particular interest. We seek to develop a suite of IP traceback techniques that require:
    • Low to no Internet Service Provider (ISP) involvement
    • A minimum number of packets for traceback to include a single packet for certain traceback scenarios
    • Low memory requirements
    • Little or no overhead to the router."

  • "White papers should identify what concealment methods their proposed tool can use to mask its operation, and what concealment methods used by an adversary it can overcome. An adversary's obfuscation techniques can include:
    • Introducing random delays before a packet departs from a stepping stone
    • Inserting chaff (padding) into stepping stone connections
    • Encrypted payloads
    • Single packet triggers for prepositioned malicious software
    • Spoofed IP addresses."

  • "We are specifically interested in traceback techniques that can operate under one or more of the following conditions:
    • Can perform without violating current protocol semantics
    • Can perform without changes in the core routing structure
    • Are difficult to detect and evade by the attacker
    • Are useful for asymmetric communications (i.e., half duplex, in which only one direction of the communication is available)
    • Can operate in a passive mode, without requiring interventions
    • Are likely to be preserved across a long connection of stepping stones
    • Work through multiple internet hops, across jurisdictions and with non-cooperative or hostile Internet Service Providers (ISPs)
    • Can be performed without requiring interactive operational support from ISPs
    • Can be performed "post-mortem" after an attack has completed
    • Can be efficiently implemented and incrementally deployable."

  • "We are seeking techniques that can trace the origin of a single IP packet delivered by a TCP/IP network in the recent past. The techniques to track individual packets in a network must be accomplished in an efficient, scalable fashion."
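To see why the solicitation bothers to list "random delays" and "chaff" as things a traceback tool must overcome, here is a small added example (it is not code from the post or from the solicitation it quotes) of the kind of passive, post-mortem stepping-stone check the literature on timing correlation describes: on a single host you record packet timestamps for every inbound and outbound connection, bin them coarsely, and flag pairs whose packet-count profiles correlate. Everything in it is constructed: the keystroke-like flows, the obfuscation model, the bin size, the 0.6 threshold, and the addresses (RFC 5737 documentation ranges). Bins wider than the largest delay the relay adds make per-packet jitter mostly invisible, and a modest chaff rate only adds a little noise to otherwise empty bins.

```python
# Added example, not code from the post or the solicitation it quotes:
# a toy stepping-stone correlator in the style of timing-correlation research.
# All flows, addresses and parameters are constructed for illustration.
import random
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Flow:
    name: str
    times: List[float]  # packet timestamps in seconds, captured passively


def make_interactive_flow(rng: random.Random, bursts: int = 12) -> List[float]:
    """Constructed keystroke-like traffic: short bursts separated by idle gaps."""
    times, t = [], 0.0
    for _ in range(bursts):
        t += rng.uniform(1.0, 6.0)            # idle gap before the burst
        for _ in range(rng.randint(3, 10)):   # packets inside the burst
            t += rng.uniform(0.05, 0.3)
            times.append(t)
    return times


def relay_through_stepping_stone(rng: random.Random, inbound: List[float],
                                 max_delay: float = 0.5,
                                 chaff_per_sec: float = 0.3) -> List[float]:
    """Model two obfuscations the solicitation names: a random delay on every
    forwarded packet plus chaff packets sprinkled over the connection lifetime."""
    out = [t + rng.uniform(0.0, max_delay) for t in inbound]
    end = max(inbound)
    out += [rng.uniform(0.0, end) for _ in range(int(end * chaff_per_sec))]
    return sorted(out)


def bin_counts(times: List[float], bin_size: float, n_bins: int) -> List[int]:
    """Coarse packet-count histogram; bins wider than max_delay absorb the jitter."""
    counts = [0] * n_bins
    for t in times:
        i = int(t // bin_size)
        if 0 <= i < n_bins:
            counts[i] += 1
    return counts


def pearson(a: List[float], b: List[float]) -> float:
    """Pearson correlation; 0.0 when either series is constant."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    sa = sum((x - ma) ** 2 for x in a) ** 0.5
    sb = sum((y - mb) ** 2 for y in b) ** 0.5
    return cov / (sa * sb) if sa and sb else 0.0


def correlation_score(inbound: List[float], outbound: List[float],
                      bin_size: float = 3.0) -> float:
    """Correlate the two flows' packet-count profiles over a shared time axis."""
    horizon = max(max(inbound), max(outbound)) + bin_size
    n = int(horizon // bin_size) + 1
    return pearson(bin_counts(inbound, bin_size, n),
                   bin_counts(outbound, bin_size, n))


def find_stepping_stone_pairs(inbound: List[Flow], outbound: List[Flow],
                              threshold: float = 0.6) -> List[Tuple[str, str, float]]:
    """Flag (inbound, outbound) pairs on one host whose timing profiles match."""
    pairs = []
    for fi in inbound:
        for fo in outbound:
            s = correlation_score(fi.times, fo.times)
            if s >= threshold:
                pairs.append((fi.name, fo.name, round(s, 3)))
    return pairs


def demo(seed: int = 7) -> List[Tuple[str, str, float]]:
    """One relayed session hidden among unrelated traffic on the same host."""
    rng = random.Random(seed)
    attacker_in = Flow("in:203.0.113.5->stone", make_interactive_flow(rng))
    relayed_out = Flow("out:stone->198.51.100.9",
                       relay_through_stepping_stone(rng, attacker_in.times))
    unrelated_in = Flow("in:192.0.2.77->stone", make_interactive_flow(rng))
    unrelated_out = Flow("out:stone->192.0.2.200", make_interactive_flow(rng))
    return find_stepping_stone_pairs([attacker_in, unrelated_in],
                                     [relayed_out, unrelated_out])


if __name__ == "__main__":
    for a, b, score in demo():
        print(f"{a} correlates with {b} (r={score})")
```

Only the relayed pair clears the threshold; the unrelated flows score near zero. The same structure is what makes the adversary's countermeasures effective: delays larger than the bin size smear bursts across bins, and chaff at a rate comparable to the real traffic buries the signal, which is exactly the arms race the solicitation's "difficult to detect and evade" and "preserved across a long connection of stepping stones" conditions are about.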

Posted by tate 18/04/2006 at 01h43