RID Implementation Report

Size: px

Start display at page:

Download "RID Implementation Report"

Oscar Franklin
6 years ago
Views:

1 RID Implementation Report Toshifumi Kai kito Nagashima iroshige Nakatani Naohiro Fukuda Shimizu iroshi Matsushita Electric Works, Ltd. Teruaki Takahashi kira ashiguchi Takayuki Suzuki Katsuji Tsukamoto Kogakuin University

2 Plan for Test by Mew 2004 Sep 27th Oct 1st Phase 1 (Finished) RID system only MEW s XML format is not same as RID format, No Encryption and entication 2004 Nov 1th Dec 30th Phase 2 (Planned and on Going) RID with back MEW s XML format is not same as RID format, No Encryption and entication 2005 Jan 1th Full Implemented system Phase 3 (Not Planned Yet) RID with back

3 MEW s Implementation Status Renaming Source to message result for not found case (-> history area) Message Type 3 with NULL ttacker s IP equal Not Notification field for traceback system added for Source Message (-> free form text area) It would be necessary for the following cases, if the initiator does not allow False Negative (FP) and use ash traceback, however responder use ICMP trceaback then it may have False Positive (FP), and the traced result may be no meaning for initiator. ash traceback can trace in each packet but ICMP traceback traces DoS/DDoS packets. So, we added used-traceback-type in some field. In the case of system down caused in responder s traceback system, it should be reported by the notification message. MEW s XML format is not equal for RID s XML format Implementation is not completed yet and modified for test purpose now. Encryption and authentication is not implemented yet. Implementation of SSL/XML encryption and authentication using C remained Transport protocol is implemented with soap/http/tcp We used soap/http/tcp protocol for messaging

4 Simple Test We setup a very simple test case: star topology and straight chained topology with 7 PCs. 7 PCs as es and without routers and traceback system between them We measured the response time until the source found (result) message will send to initiator and the CPU time when the handle the XML interpretation and SOP communication. When it were straight topology, and if S numbers were 7.

5 Test Results Straight Chained Topology: Response time for traceback was 1.6 sec, and Response time for handling SOP/XML was 0.46 sec for 7 Ses. Star Topology: Response time for traceback was 0.6 sec, and Response time for handling SOP/XML was 0.23 sec for 6 Ses. It will take about sec per S for handling traceback, sec per S for handling SOP/XML, nd total response time will be about sec per S. Note: We assume and feed the tracing time (delay) of inside S defined as fixed value. First and Middle S; 0.2sec ttacker s S (Final S); 0.4sec (We plan to test with the real tracing time in next month)

6 Reference

7 Spec for CPU Pentium3.0Gz Memory 512MBytes Network: Fast Ether (100Base-T) (RID) (Inter-S traceback Software) Transport Protocol: TCP + TTP + Open SOP Inter-S back Protocol: RID-mew (modified RID + XML)

8 Chained S Topology S Num Topology V V Victim S1 ttacker V S1 S2 S3 S4 V S1 S2 S3 S4 S5 S6 S7

9 Timeline for Chained Start-Tracing Time to Finished S1 Int-S trace uest message Result message S2 Int-S trace uest message S3 t1 Int-S trace uest message t2 S4 *S num = T=t1+t2+t3+t4 =RID Processing Time SOP Protocol XML Translation t3 Int-S trace t4

10 Chained Results S num 1 Tracing Time for Total int-s 0.4 RID Processing Time SOP Protocol + XML Translation RID Processing Time SOP Protocol + XML Translation Total Time for tracing Internal S [sec] *We assume that the tracing time of inside S defined as fixed value ( first and middle S;0.2sec, ttacker s S; 0.4sec

11 Star S Topology Num of Neighbor S V V S1 S3 S1 S4 V S2 Topology S2 S2 S3 S1 S4 S3 S2 S3 : ttacker V: Victim

12 Timeline for Star Topology Start Tracing Time for Tracing Finished S1 Int-S trace S2 S3 Int-S trace Int-S trace Result message S4 uest message Int-S trace num of neighbor S was 3

13 Star Results Num of neighbor S Tracing Time for each Int- S RID Processing Time SOP Protocol + XML Translation RID Processing Time SOP Protocol + XML Translation Time for each tracing Internal S *We assume that the tracing time of inside S defined as fixed value ( first and middle S;0.2sec, ttacker s S; 0.4sec

14 RID-nime (Tracing) pending...2 min later NP4 pending NP1 NP2 NP3 S1 S2 S3! ttack Report Victim (Web-Server) ttacker

15 RID-nime (Filtering) (pproved) (Denied) NP4 (Denied) (Denied) (pproved) NP1 NP2 Filter Source (available) NP3 S1 Not! S2 S3 ttack Report Victim (Web-Server) ttacker

16 RID-nime (Probabilistic back ) i NP4 i NP1 i NP2 i NP3 i ash S1 S2 S3! ttack Report Victim (Web-Server) *NP1 and NP3 have a same consortium ttacker

17 S1 ash NP1 RID-nime (Multi-back) NP4 S2 S3 NP2 NP3 Victim (Web-Server) ttacker ttack Report i i! i i i i ash i +ash ash ttacker!!

RID Implementation Report

RID Implementation Report Toshifumi Kai (kai@trc.mew.co.jp), kito Nagashima (akito_nagashima@mewe1.mewnet.or.jp), Hiroshige Nakatani (nakatani@trc.mew.co.jp), Naohiro Fukuda (fukuda@trc.mew.co.jp), Shimizu