Network Support for IP Traceback describes a technique for tracing anonymous packet flooding attacks in the Internet back toward their source. The work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed," source addresses.
I describe a general purpose traceback mechanism based on probabilistic packet marking in the network. The approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed after an attack has completed. I present an implementation of this technology that is incrementally deployable, (mostly) backward compatible, and can be efficiently implemented using conventional technology.
Our techniques feature low network and router overhead, and support incremental deployment. The techniques have significantly higher precision (lower false positive rate) and lower computation overhead for the victim to reconstruct the attack paths under small scale distributed denial-of-service attacks.
The attachments include: Abstract, Code File, PPTs, Report and Papers for reference.