IP Traceback systems facilitate tracing of IP packets back to their origin, despite possibly forged or overwritten source address data. A common shortcoming of existing proposals is that they identify the source network, but not the source host. Our work extends the traceback process to allow tracing of (switched) Ethernet frames. We build on SPIE (which operates at IP routers) to design and implement 'switch-SPIE'. Traffic logging is deployed in a 'switch-DGA' tap-box at each switch. The (switched) Ethernet traffic visibility issue is resolved with port mirroring, and the MAC address table establishes causality between the source MAC address and the source switch port. Our solution works for any network topology, as opposed to earlier layer 2 extensions to IP Traceback. We provide an implementation and experimental evaluation to establish the efficacy of our approach with respect to processing overhead and memory use.