Hop Count Based Packet Processing Approach to Counter DDoS Attacks

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are posing major threat to today´s essential Internet service. The need to protect servers and connected systems is an important aspect in network security. Hence this research work proposes a novel approach called Hop Count based Packet processing to counter DDoS attacks. DDoS attacks are difficult to identify at the source since the attackers use spoofed IP addresses. But it is not possible for the attackers to spoof the Hop Count value in the IPV6 header. This research work utilizes this idea to counter the attacks and it is assumed that all the systems in the current Internet architecture are located within a maximum hop count value of 255. In this approach the packets from the systems at the same hop count and traversing through the same router are marked with the same identification number. This number is derived by the concatenation of the 32 bits of the IP address of the router path and the encrypted value of the hop count. At the receiving side of the router interface the hop count value of the incoming packet is checked with the already stored value. This technique provides an advantage of immediately filtering the traffic after receiving just one attack packet and it does not require any change in the existing protocols. Thus this technique has a significant potential in reducing the threats caused by the DDoS attacks.