Demonstration Experiments Towards Practical IP Traceback on the Internet

Recently, Distributed Denial of Service (DDoS) attacks have become a critical issue on the Internet. Theoretical approaches into traceback systems to counter these attacks have been actively researched. However, with no instances of actual application of traceback systems on the Internet, such a response has yet to achieve widespread adoption. This is because multiple autonomous systems (ASs) need to be linked to carry out end-to-end tracking, and this poses a number of issues, including (i) the operational and practical environmental constraints of installing equipment at a variety of Internet Exchange Points (IXPs), (ii) the need to establish operational procedures, and (iii) establishing the monitoring points needed to conduct the traceback. Given these factors, with the aim of achieving the widespread adoption of traceback systems on the Internet in Japan, in this paper we introduce the challenges posed by installing equipment at multiple ASs and report on tracking experiments conducted in response to simulated attacks. Specifically, in terms of (i) environmental constraints, this involved summarizing the size and access restrictions of installed equipment, and in terms of (ii) establishing operational procedures, this involved summarizing the role of operators from the outbreak of an incident to conducting traces and taking countermeasures. Additionally, we investigated the connection status of ASs in Japan to calculate (iii) the number of ASs in which equipment must be installed to satisfy the adoption rate required to carry out tracking.