Single-packet IP traceback

Author

Snoeren, Alex C. ; Partridge, Craig ; Sanchez, Luis A. ; Jones, Christine E. ; Tchakountio, Fabrice ; Schwartz, Beverly ; Kent, Stephen T. ; Strayer, W. Timothy

Author_Institution

Lab. for Comput. Sci., MIT, Cambridge, MA, USA

Volume

10

Issue

6

fYear

2002

fDate

12/1/2002 12:00:00 AM

Firstpage

721

Lastpage

734

Abstract

The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet´s origin, widespread packet forwarding techniques such as NAT and encapsulation may obscure the packet´s true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the system´s effectiveness.

Keywords

Internet; packet switching; routing protocols; telecommunication traffic; transport protocols; IP packet; Internet; hash-based technique; packet tracing; protocol; routing hardware; single-packet IP traceback; traffic audit trails; Computational modeling; Computer crime; Computer network management; Encapsulation; Filtering; Hardware; Network address translation; Protocols; Routing; Telecommunication traffic;

fLanguage

English

Journal_Title

Networking, IEEE/ACM Transactions on

Publisher

ieee

ISSN

1063-6692

Type

jour

DOI

10.1109/TNET.2002.804827

Filename

1134298