Title :
Design of an FDB based Intra-domain Packet Traceback System
Author :
Hazeyama, Hiroaki ; Matsumoto, Yoshihide ; Kadobayashi, Youki
Author_Institution :
Nara Inst. of Sci. & Technol., Nara
Abstract :
In this paper, we propose an FDB based intra-domain traceback system (FDB-DTS), which is a hybrid traceback system composed of packet digesting boxes and an iterative query engine to the forwarding data base (FDB) on local subnet switches. A Hash based IP Traceback system (HB-IPTBS) can track the detailed attack paths within the intra-domain network by packet digests, which are packets encoded by a one-way hash function. However, it forces the operator to install packet digesting boxes at each router, each switch, or each interface of each router/switch. Thus, HB-IPTBS requires a large investment budget and substantial operational work. Our FDB-DTS is a lightweight intra-domain hash based packet traceback system. It employs a MAC address trace tool as the tracking engine on a layer 2 network, using MAC addresses as keys. In deployment, our FDB-DTS needs only one packet digesting agent in each layer 2 network; therefore, it can reduce the investment costs and operational tasks. Here, we present the basic idea of the FDB-DTS and show the design of a sample implementation with a MAC address trace tool based on iterative SNMP queries.
Keywords :
IP networks; cryptography; packet switching; FDB based intra-domain traceback system; FDB-DTS; HB-IPTBS; MAC address trace tool; hash based IP traceback system; hash function; hybrid traceback system; iterative query engine; packet digests boxes; Availability; Computer crime; Costs; IP networks; Investments; Packet switching; Privacy; Search engines; Security; Switches; Forwarding Data Base; IP Traceback; Intra Domain; Security;
Conference_Title :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.204