Publication | Open Access
Practical network support for IP traceback
Citations: 1.1K
References: 20
Year: 2000
Internet Traffic Analysis, Engineering, Information Security, Network Path, Network Analysis, Information Forensics, Practical Network Support, Attack Traffic, Formal Verification, Denial-of-service Attack, Anonymous Packet, DDoS Detection, Computer Science, Network Forensics, Data Security, Cryptography, Fault-tolerant Network, Internet Protocol, Network Traffic Measurement, Network Monitoring
Denial-of-service attacks are increasingly frequent and sophisticated, and tracing packets with spoofed source addresses is difficult. The authors propose a general-purpose traceback mechanism that uses probabilistic packet marking in the network to trace anonymous flooding attacks back towards their source. It lets a victim identify the network path(s) traversed by attack traffic without interactive operational support from ISPs, and the traceback can be performed post-mortem, after an attack has completed. The implementation is incrementally deployable, (mostly) backwards compatible, and can be built efficiently with conventional technology.
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed", source addresses. In this paper we describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed "post-mortem" -- after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backwards compatible and can be efficiently implemented using conventional technology.