Modified Deterministic Packet Marking for DDoS Attack Traceback in IPv6 Network

Although possible security threats were taken into consideration when IPv6 was formulated, attacks, especially distributed denial-of-service (DDoS), still exist in IPv6 network. This makes IP trace back schemes very relevant to the security of IPv6 network. As many current IP trace back schemes are designed according to IPv4, they can not be directly used in IPv6 network. A modified Deterministic Packet Marking (DPM) for DDoS attack trace back in IPv6 network is presented in this work. This method is able to trace a huge number of simultaneous DDoS attackers. As the trace back process can be performed post-mortem, it can also trace the attacks that have not been noticed at first. Besides, it only takes a small amount of marked packets to complete the trace back process. It is also simple to implement and consumes practically no additional processing overhead on the network equipments. Although the initial motivation of modified DPM is to trace DDoS attack, it can also be used to filter anomaly traffic in IPv6 network.