Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
An algebraic approach to IP traceback
ACM Transactions on Information and System Security (TISSEC)
An analysis of using reflectors for distributed denial-of-service attacks
ACM SIGCOMM Computer Communication Review
Tradeoffs in probabilistic packet marking for IP traceback
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Efficient packet marking for large-scale IP traceback
Proceedings of the 9th ACM conference on Computer and communications security
Hi-index | 0.04 |
Defending against denial-of-service(DoS) attacks is one of the hardest security problems on the Internet today. One difficulty to thwart these attacks is totrace the source of the attacks because they often use incorrect, or spoofed IP source addresses to disguise the true origin Traceback mechanisms are a critical part of the defense against IP spoofing and DoS attacks, as well as being of forensic value to law enforcement. Currently proposed IP traceback mechanisms are inadequate to address the traceback. problem for the following reasons: they require DoS victims to gather thousands of packets to reconstruct a single attack path; they do not scale to large scale Distributed DoS attacks; and they do not support incremental deployment. This study suggests to find the attack origin through MAC address marking of the attack origin. It is based on an IP trace algorithm, called Marking Algorithm. It modifies the Marking Algorithm so that we can convey the MAC address of the intervening routers, and as a result it can trace the exact IP address of the original attacker. To improve the detection time, our algorithm also contains a technique to improve the packet arrival rate. By adjusting marking probability according to the distance from the packet origin, we were able to decrease the number of needed packets to traceback the IP address.