Hash-based IP traceback

  • Authors:
  • Alex C. Snoeren;Craig Partridge;Luis A. Sanchez;Christine E. Jones;Fabrice Tchakountio;Stephen T. Kent;W. Timothy Strayer

  • Affiliations:
  • BBN Technologies, 10 Moulton Street, Cambridge, MA and MIT Laboratory for Computer Science;BBN Technologies, 10 Moulton Street, Cambridge, MA;BBN Technologies, 10 Moulton Street, Cambridge, MA;BBN Technologies, 10 Moulton Street, Cambridge, MA;BBN Technologies, 10 Moulton Street, Cambridge, MA;BBN Technologies, 10 Moulton Street, Cambridge, MA;BBN Technologies, 10 Moulton Street, Cambridge, MA

  • Venue:
  • Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
  • Year:
  • 2001

Quantified Score

Hi-index 0.00

Visualization

Abstract

The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, wide-spread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion.We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space-efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the system's effectiveness.