Practical network support for IP traceback

Published: 28 August 2000

Abstract

This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed", source addresses. In this paper we describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed "post-mortem" -- after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backwards compatible and can be efficiently implemented using conventional technology.

Published In

ACM SIGCOMM Computer Communication Review, Volume 30, Issue 4
October 2000
319 pages
ISSN: 0146-4833
DOI: 10.1145/347057

SIGCOMM '00: Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
August 2000
348 pages
ISBN: 1581132239
DOI: 10.1145/347059

Publisher

Association for Computing Machinery

New York, NY, United States
