In this article, we present a novel approach to IP traceback: deterministic packet marking (DPM). DPM is based on marking all packets at ingress interfaces. DPM is scalable, simple to implement, and introduces no bandwidth overhead and practically no processing overhead on the network equipment. It is capable of tracing thousands of simultaneous attackers during a DDoS attack. Given sufficient deployment on the Internet, DPM is capable of tracing back to the slaves responsible for DDoS attacks that involve reflectors. In DPM, most of the processing required for traceback is done at the victim. The traceback process can be performed post-mortem, which allows tracing attacks that may not have been noticed initially, or attacks that would deny service to the victim so that traceback is impossible in real time. The involvement of the Internet Service Providers (ISPs) is very limited, and the changes to infrastructure and operation required to deploy DPM are minimal. DPM is capable of performing the traceback without revealing the topology of the providers' network, which is a desirable quality of a traceback method.