WELCOME

A PROJECT ON

PRESENTED BY, SHEENA S

CONTENTS

SYNOPSIS PROJECT DESCRIPTION ORGANIZATION PROFILE SYSTEM ANALYSIS MODULE DESCRIPTION SYSTEM SPECIFICATION SCREEN SHOTS

SYNOPSIS

The Distributed Denial-of-Service (DDoS) attack is a serious threat to the legitimate use of the Internet. Prevention mechanisms are thwarted by the ability of attackers to forge or spoof the source addresses in IP packets. By employing IP spoofing, attackers can evade detection and put a substantial burden on the destination network for policing attack packets. In this project, I propose an inter-domain packet filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet. A key feature of our scheme is that it does not require global routing information.

IDPFs are constructed from the information implicit in Border Gateway Protocol (BGP) route updates and are deployed in network border routers. I establish the conditions under which the IDPF framework correctly works in that it does not discard packets with valid source addresses. Based on extensive simulation studies, I show that, even with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of an attack packet to a small number of candidate networks.

PROJECT DESCRIPTION

Finally, many popular attacks such as man-in-the-middle attacks, reflector-based attacks, and attackers use IP spoofing and require the ability to forge source addresses. Although attackers can insert arbitrary source addresses into IP packets, they cannot control the actual paths that the packets take to the destination.

The first and long-term recommendation is to adopt source IP address verification, which confirms the importance of the IP spoofing problem. IP spoofing will remain popular for a number of reasons. First, IP spoofing makes isolating attack traffic from legitimate traffic harder: packets with spoofed source addresses may appear to be from all around the Internet. Second, it presents the attacker with an easy way to insert a level of indirection. As a consequence, substantial effort is required to localize the source of the attack traffic.

Based on this observation, I have proposed the routebased packet filters as a way of mitigating IP spoofing. The idea is that by assuming single-path routing, there is exactly one single path between the source node and the destination node. Hence, any packet with the source address and the destination address that appear in a router that is not in path source and destination address should be discarded. The Internet consists of thousands of network domains or autonomous systems (ASs). Each AS communicates with its neighbors by using the Border Gateway Protocol (BGP), which is the de facto inter-domain routing protocol, to exchange information about its own networks and others that it can reach. BGP is a policy-based routing protocol in that both the selection and the propagation of the best route to a destination at an AS are guided by some locally defined routing policies.

ORGANIZATION PROFILE

About Us Search fox provides the full and better networking solutions that deliver business continuity and visibility, through robust and reliable network security and connectivity. By doing this, we could help the customer to make a better business transactions. We secure their enterprise resources from hackers and viruses, and make them the best in industry.

Its Time for a New Network At Searchfox Networks, we are leading the charge to architecting the new network. At the heart of the new network is our promise to transform the economics and experience of networking for our customers. We offer a highperformance network infrastructure built on simplicity, security, openness, and scale. We are innovating in ways that empower our customers, our partners, and ultimately everyone in a connected world. Our products and technologies run the worlds largest and most demanding networks today, enabling our customers to create value and accelerate business success within the new, rapidly changing global marketplace. Our customers include the top 130 global service providers, 96 of the Global Fortune 100, as well as hundreds of federal, state and local government agencies and higher education organizations throughout the world. As a pure play, high-performance networking company, we offer a broad product portfolio that spans routing, switching, security, application acceleration, identity policy and control, and management designed to provide unmatched performance, greater choice, and true flexibility, while reducing overall total cost of ownership. In addition, through strong industry partnerships, Searchfox Networks is fostering a broad ecosystem of innovation across the network.

Services DSL Internet Access Companies in small and large are required high speed internet connection now a days. Whether it's instant use of e-mail and the websites or the availability of sufficient bandwidth for the corporate Local Area Network,high speed internet access is becoming essential for corporate world. Lets have a look at myDSLSM. myDSLSM is very help ful for full-time connectivity, such as hosting a web server. My DSL fullfills the needs of applications that require high bandwidth in both directions,like file transfers. myDSL uses conventional telephone wiring also. Satellite Access Access Service

Contact us Searchfox Technologies #108, Nehru Street, Near Senthil Kumaran Theatre, Ramnagar, Coimbatore-641009. www.searchfoxtechnologies.com E-Mail:support@searchfoxtechnologies.com Ph: +91-9894141348

myDISH.netSM Satellite Access Service (Internet and Private Access) Data connections between a remote location and a hub to the Internet is possible through Intercom Access.

SYSTEM ANALYSIS

EXISTING SYSTEM

Distributed Denial-of-Service (DDoS) attacks pose an increasingly grave threat to the Internet, as evident in recent DDoS attacks mounted on both popular Internet sites and the Internet infrastructure. Alarmingly, DDoS attacks are observed on a daily basis on most of the large backbone networks. One of the factors that complicate the mechanisms for policing such attacks is IP spoofing, which is the act of forging the source addresses in IP packets. By masquerading as a different host, an attacker can hide its true identity and location, rendering source based packet filtering less effective. Thus, Existing system uses Network Ingress Filtering. Ingress filtering primarily prevents a specific network from being used for attacking others.

PROPOSED SYSTEM

Inspired by the route-based packet filters, I propose an InterDomain Packet Filter (IDPF) architecture, a router based packet filter system that can be constructed solely based on the locally exchanged BGP updates, assuming that all ASs employ a set of routing policies that are commonly used today. They showed that packet filters constructed based on the global routing information can significantly limit IP spoofing when deployed in just a small number of ASs. In this work, I extend the idea and demonstrate that filters that are built based on local BGP updates can also be effective. First, I describe how I can practically construct IDPFs at an AS by only using the information in the locally exchanged BGP updates.

Second, I establish the conditions under which the proposed IDPF framework works correctly in that it does not discard packets with valid source addresses. Third, to evaluate the effectiveness of the proposed architecture, we conduct extensive simulation studies based on AS topologies and AS paths extracted from real BGP data. The results show that, even with partial deployment, the architecture can proactively limit an attackers ability to spoof packets. When a spoofed packet cannot be stopped, IDPFs can help localize the attacker to a small number of candidates ASs, which can significantly improve the IP trace back situation. In addition, IDPF-enabled ASs (and their customers) provides better protection against IP spoofing attacks than the ones that do not support IDPFs. This should give network administrators incentives to deploy IDPFs

MODULE DESCRIPTION

Check and lookup the local network Content Selection Encryption BGP Hackers Decryption

Check and lookup the local network This is module, which executes at the loading time to check and lookup the local network. It gets all the systems, which are connected, to that local network. This helps to the gets current working nodes that means which are active and ready for access in the network. Content Selection It uses a dialog box to open a required file format, but it mainly supports only for the text support files. The file loaded to a file variable, Then it send to the next stage Encryption area. Encryption In this the original data is converted to some other format using chips algorithm so that incase some intruder may hack the file at any reason or at any cost, but they wont get the original data unless it decrypted in proper format.

BGP In this Modules BGP (Border Gateway Protocol) is a protocol that communicates across the network and also monitoring the client present in the network. It has all client details as a table. The connection is established with the client and the Router. The Encrypted data is transmitted to the Router which can send or redirect to the correct destination address. The Router checks whether the sender and receiver are proper to the network. Incase the ender (hacker) is not a proper member in the network then that node is said to the attacker node, then the message will not sent to the destination. Otherwise the message will send to the destination address.

Hackers The hacker will act as a client in the distributed network. The hacker may have false name in the network and virtually seems to be present within the current network. It selects the destination address which original present in the network. Decryption At the destination the received encrypted data will under go decryption to get the original data, which was sent by the sender. Decryption using chips algorithm for the decryption of the received data to the original content. After decryption only the data will be meaningful. The Encryption and Decryption gives the security to data while transferring.

SYSTEM SPECIFICATION
HARDWARE SPECIFICATION PROCESSOR RAM MONITOR HARD DISK FLOPPY DRIVE CDDRIVE KEYBOARD PENTIUM IV 2.6 GHz 512 MB DD RAM 15 COLOR 20 GB 1.44 MB LG 52X STANDARD 102 KEYS

SOFTWARE SPECIFICATION FRONT END OPERATING SYSTEM BACK END Java swing and Networking Windows XP SQL Server 2005

SCREEN SHOTS

Source Node S

NODE A

NODE B

NODE C

NODE D

File & Destination Node has been selected

Message present in the source file

Showing the possible path from Source Node S to Node A

Showing the possible path from Source Node S to Node B

Showing the possible path from Source Node S to Node C

Showing the possible path from Source Node S to Node D

Feasible path from Source Node S to Node D

Message sent to Destination Node D

THANK YOU