Title :
Network support for IP traceback
Author :
Savage, Stefan ; Wetherall, David ; Karlin, Anna ; Anderson, Tom
Author_Institution :
Dept. of Comput. Sci. & Eng., California Univ., San Diego, La Jolla, CA, USA
fDate :
6/1/2001 12:00:00 AM
Abstract :
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back toward their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or “spoofed,” source addresses. We describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet service providers (ISPs). Moreover, this traceback can be performed “post mortem”-after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backward compatible, and can be efficiently implemented using conventional technology
Keywords :
Internet; packet switching; security of data; telecommunication security; transport protocols; IP spoofing; IP traceback; ISP; Internet; Internet service providers; abstract algorithms; anonymous packet flooding attacks; attack traffic; backward compatible implementation; denial-of-service attacks; encoding strategy; general purpose traceback mechanism; network path identification; network support; packets tracing; post mortem traceback; probabilistic packet marking; spoofed source addresses; Communication system traffic control; Computer crime; Computer network management; Computer science; Computer security; Frequency; Network servers; Stochastic processes; Telecommunication traffic; Web and internet services;
Journal_Title :
Networking, IEEE/ACM Transactions on
