WORK IN PROGRESS: AN ARCHITECTURE FOR NETWORK PATH RECONSTRUCTION VIA BACKTRACED OSPF LSDB SYNCHRONIZATION

Raymond A. Hansen

Abstract


There has been extensive work in crime scene reconstruction of physical locations, and much is known in terms of digital forensics of computing devices. However, the network has remained a nebulous combination of entities that are largely ignored during an investigation due to the transient nature of the data that flows through the networks. This paper introduces an architecture for network path reconstruction using the network layer reachability information shared via OSPF Link State Advertisements and the routines and functions of OSPF::rt_sched() as applied to the construction of identical Link State Databases for all routers within an Area.








This work is licensed under a Creative Commons Attribution 4.0 International License.

(c) 2006-2015 Association of Digital Forensics, Security and Law