Practical network support for IP traceback

Abstract

This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or ``spoofed'', source addresses. In this paper we describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed ``post-mortem'' -- after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backwards compatible and can be efficiently implemented using conventional technology.

DOI: 10.1145/347059.347560
View Slides

Extracted Key Phrases

050100150'99'01'03'05'07'09'11'13'15'17
Citations per Year

1,328 Citations

Semantic Scholar estimates that this publication has 1,328 citations based on the available data.

See our FAQ for additional information.

Cite this paper

@inproceedings{Savage2000PracticalNS, title={Practical network support for IP traceback}, author={Stefan Savage and David Wetherall and Anna R. Karlin and Thomas E. Anderson}, booktitle={SIGCOMM}, year={2000} }