Title :
COTraSE: Connection Oriented Traceback in Switched Ethernet
Author :
Andreou, Marios ; Van Moorsel, Aad
Author_Institution :
Sch. of Comput. Sci., Newcastle Univ., Newcastle upon Tyne
Abstract :
Layer 2 traceback is an important component of end-to-end packet traceback. Whilst IP traceback identifies the origin network, L2 traceback extends the process to provide a more fine-grained result. Other known proposals have exposed the difficulties of L2 traceback in switched Ethernet. We build on our earlier work and improve in a number of dimensions. Memory requirements are decreased by maintaining ´connection records´ rather than logging all frames. Our switchport resolution algorithm provides error detection by correlating MAC address table values from two adjacent switches. Our solution also takes stock of potential transformations to packet data as this leaves the local network. We have implemented the core algorithm and used data from available WAN traces to demonstrate the potential memory efficiency of our approach.
Keywords :
access protocols; local area networks; COTraSE; IP traceback; MAC address table; WAN traces; connection oriented traceback; end-to-end packet traceback; error detection; layer 2 traceback; local network; media access control; packet data; switched ethernet; switchport resolution algorithm; wide area networks; Ethernet networks; Information security; Internet; Local area networks; Network address translation; Packet switching; Proposals; Protocols; Switches; Wide area networks; IP traceback; Layer 2 traceback; Network accountability; Switched Ethernet traceback;
Conference_Titel :
Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on
Conference_Location :
Naples
Print_ISBN :
978-0-7695-3324-7
DOI :
10.1109/IAS.2008.25
