A performance evaluation of Route Based Packet Marking (RBPM) for IP trace back

IP source address spoofing exploits a fundamental security weakness at the network layer of the Internet protocol (IP). IP datagrams with spoofed source address fields are employed in network-based attacks such as session hijacking and denial of service (DoS) to increase the potency of the attack as well as to conceal the identity of the attacker. DoS attacks in particular can be effectively mitigated by tracing attack packets to their source. Packet marking techniques can enable IP packets to be traced back to a point that is close to their actual source. Present packet marking techniques are hindered by compatibility issues between IPv4 and IPv6 and the need for multiple packets from one source for the source address to be identified. We propose a new packet marking method that builds on the flexibility of the packet marking principle, while overcoming the above mentioned shortcomings. We also compare the processing cost of the proposed method with present packet marking methods.