Session-based packet marking and auditing for network forensics

Reliably identifying the origin of network data is a widely acknowledged problem that has been the subject of many research works. Because the Internet Protocol does not authenticate the source address, a source IP can easily be forged, which leads to numerous problems, including the infamous Denial-of-Service (DoS) attacks. In this paper, two novel lightweight approaches are proposed to address this problem by providing simple and effective logging and IP traceback mechanisms: Session-Based packet Logging (SBL) and SYN-based Packet Marking (SYNPM). The contribution of these schemes lies in the fact that they are easy to implement with little overhead, and are practical under strict privacy regulations, since they do not need to access the detailed contents of each individual communication session. Currently, the SBL and SYNPM approaches support only TCP sessions.
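The abstract only states the design goals (per-session rather than per-packet state, evidence taken at the SYN that opens a TCP session, no access to payload) and not the schemes themselves. The following is an added illustration of those goals written for this page; it is not the paper's SBL or SYNPM code and does not reproduce their marking or logging format. The packet layout, the `ingress` tag standing in for whatever identifies the observing router or interface, and the sample packets are all constructed assumptions for the example.

```python
import struct
from collections import namedtuple

# One record per TCP session, created at the pure SYN and never updated
# from payload bytes.  "ingress" is an assumed tag for the observing
# router/interface; the paper's real marking format is not specified here.
SessionRecord = namedtuple("SessionRecord",
                           "src_ip sport dst_ip dport ingress first_seen")

TCP_SYN = 0x02
TCP_ACK = 0x10


def parse_ipv4_tcp(pkt: bytes):
    """Return (src_ip, dst_ip, sport, dport, flags, payload_len) for a raw
    IPv4/TCP packet, or None for anything else or for a truncated packet.
    Only fixed header fields are read; payload bytes are never touched."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 6 or len(pkt) < ihl + 20 or total_len > len(pkt):
        return None
    src_ip = ".".join(str(b) for b in pkt[12:16])
    dst_ip = ".".join(str(b) for b in pkt[16:20])
    tcp = pkt[ihl:]
    sport, dport = struct.unpack("!HH", tcp[0:4])
    doff = (tcp[12] >> 4) * 4
    flags = tcp[13]
    return src_ip, dst_ip, sport, dport, flags, total_len - ihl - doff


class SessionLogger:
    """Header-only session logger: state is created once per TCP session,
    at the SYN, so storage grows with sessions rather than with packets."""

    def __init__(self):
        self.sessions = {}  # (src_ip, sport, dst_ip, dport) -> SessionRecord

    def observe(self, pkt: bytes, ingress: str, ts: float) -> bool:
        """Process one packet; returns True only when a pure SYN (no ACK)
        is seen.  SYN/ACKs, data segments and non-TCP traffic cost a header
        parse and no storage.  A retransmitted SYN keeps the first record."""
        hdr = parse_ipv4_tcp(pkt)
        if hdr is None:
            return False
        src_ip, dst_ip, sport, dport, flags, _ = hdr
        if flags & TCP_SYN and not flags & TCP_ACK:
            key = (src_ip, sport, dst_ip, dport)
            self.sessions.setdefault(
                key, SessionRecord(src_ip, sport, dst_ip, dport, ingress, ts))
            return True
        return False

    def trace(self, src_ip, sport, dst_ip, dport):
        """Traceback query: where and when was this session's SYN first seen?"""
        return self.sessions.get((src_ip, sport, dst_ip, dport))


def build_packet(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Build a minimal IPv4/TCP packet as constructed sample input.
    Checksums are left zero because the logger does not verify them."""
    src = bytes(int(x) for x in src_ip.split("."))
    dst = bytes(int(x) for x in dst_ip.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6,
                     0, src, dst)
    return ip + tcp


def demo():
    """Run a constructed trace through the logger; returns (logger, count)."""
    log = SessionLogger()
    secret = b"GET /account HTTP/1.1\r\nCookie: session=abc123\r\n\r\n"
    packets = [  # (ingress, timestamp, packet) -- all constructed
        ("eth0", 1.0, build_packet("10.0.0.5", "192.0.2.10", 40000, 80, TCP_SYN)),
        ("eth2", 1.1, build_packet("192.0.2.10", "10.0.0.5", 80, 40000, TCP_SYN | TCP_ACK)),
        ("eth0", 1.2, build_packet("10.0.0.5", "192.0.2.10", 40000, 80, TCP_ACK, secret)),
        ("eth1", 2.0, build_packet("198.51.100.7", "192.0.2.10", 5555, 80, TCP_SYN)),
        # IPv4/UDP datagram (protocol 17): parsed as far as the IP header, then ignored
        ("eth1", 2.1, b"\x45\x00\x00\x1c" + b"\x00" * 5 + b"\x11" + b"\x00" * 18),
    ]
    logged = sum(log.observe(p, ingress, ts) for ingress, ts, p in packets)
    return log, logged


if __name__ == "__main__":
    logger, n = demo()
    print(f"{n} sessions logged")
    for rec in logger.sessions.values():
        print(rec)
```

Running the demo logs two sessions from five packets, and the HTTP request with its cookie leaves no trace in the log: the logger never indexes into the packet beyond the TCP data offset, which is the property that lets a scheme of this kind operate under privacy rules that forbid content inspection. The query `trace()` answers the traceback question the abstract poses (where a session entered the monitored network) from the record taken at the SYN, regardless of the spoofability of later packets.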

Article originally published in the International Journal of Digital Evidence, Vol. 6, No. 1 (2007), http://www.utica.edu/academic/institutes/ecii/ijde/articles.cfm?current=1. Republished with permission.
