
Address Issues

non-unique addresses
Addresses that do not contain user identifiers may be left unscrambled. These include broadcast addresses, multicast addresses, and private addresses. In the case of IPv6, however, link-local addresses and site-local addresses could contain a unique interface identifier (e.g., a MAC address), and a solicited-node multicast address contains the lower bits of the global address. Therefore, these IPv6 addresses should be scrambled as well.

addresses in upper layers
IP addresses can also appear inside upper-layer protocol messages. For instance, ICMP and DNS carry IP addresses in their protocol payloads. These addresses must be scrambled in the same manner, or removed.

MAC addresses
Link-layer headers (e.g., Ethernet headers) contain MAC addresses. A MAC address contains vendor and model information, which could be a user-privacy concern or lead to a security hole. However, traces from backbone networks do not contain the MAC addresses of user nodes, since the MAC addresses recorded in a trace come only from local nodes on the same segment.

IP/TCP options
IP options can contain IP addresses. Addresses in IP options should be scrambled in the same manner. Otherwise, IP options should be replaced by NOP options, or removed.

On the other hand, TCP options do not contain privacy information. They carry information that is useful for analyzing TCP behavior, so TCP options may be preserved.
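The NOP-replacement alternative for IP options described above, as an added example (not code from the original page or its tools): it overwrites every IPv4 option byte with NOP and recomputes the header checksum, leaving header and packet lengths unchanged. The function names and the sample packet (documentation-range addresses) are constructed for illustration.

```python
import struct

IPOPT_NOP = 0x01  # No-Operation option type (RFC 791)

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; IPv4 header length is always even."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def nop_ip_options(packet: bytes) -> bytes:
    """Return the packet with all IPv4 option bytes replaced by NOP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad or truncated IPv4 header")
    if ihl == 20:
        return packet                      # no options present
    hdr = bytearray(packet[:ihl])
    hdr[20:] = bytes([IPOPT_NOP]) * (ihl - 20)   # wipe options, keep IHL
    hdr[10:12] = b"\x00\x00"                     # zero checksum before recomputing
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def sample_packet() -> bytes:
    """Constructed sample: header with a Record Route option holding 192.0.2.1."""
    options = bytes([7, 7, 8, 192, 0, 2, 1, 0])  # type, len, ptr, addr, EOL pad
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x47, 0, 28 + 4, 0, 0, 64, 1, 0,
        bytes([198, 51, 100, 7]), bytes([203, 0, 113, 9])) + options)
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))
    return bytes(hdr) + b"data"

if __name__ == "__main__":
    scrubbed = nop_ip_options(sample_packet())
    print(scrubbed[20:28].hex(), "checksum ok:", ip_checksum(scrubbed[:28]) == 0)
```

Because the header length is preserved, payload offsets and packet sizes recorded in the trace stay valid after scrubbing.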


Kenjiro Cho
2000-04-23