Single-packet IP traceback

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Single-packet IP traceback

Full text

Pdf (528 KB)

Source

IEEE/ACM Transactions on Networking (TON) archive
Volume 10 , Issue 6 (December 2002) table of contents

Pages: 721 - 734

Year of Publication: 2002

ISSN:1063-6692

Authors

Alex C. Snoeren	IEEE and MIT Laboratory for Computer Science, Cambridge, MA and BBN Technologies, Cambridge, MA
Craig Partridge	IEEE and BBN Technologies, Cambridge, MA
Luis A. Sanchez	Megisto Systems, Inc., Germantown, MD
Christine E. Jones	BBN Technologies, Cambridge, MA
Fabrice Tchakountio	IEEE and BBN Technologies, Cambridge, MA
Beverly Schwartz	BBN Technologies, Cambridge, MA
Stephen T. Kent	BBN Technologies, Cambridge, MA
W. Timothy Strayer	IEEE and BBN Technologies, Cambridge, MA

Publisher

IEEE Press Piscataway, NJ, USA

Bibliometrics

Downloads (6 Weeks): 9, Downloads (12 Months): 134, Citation Count: 42

Additional Information:

abstract references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	10.1109/TNET.2002.804827

ABSTRACT

The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, widespread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the system's effectiveness.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Microsoft Corporation. Stop 0A in tcpip.sys when receiving out of band (OOB) data. {Online}. Available: http://support.microsoft.com/support/kb/articles/Q143/4/78.asp
	2	P. Ferguson and D. Senie, "Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing," IETF, RFC 2267, Jan. 1998.
	3	Burton H. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of the ACM, v.13 n.7, p.422-426, July 1970 [doi>10.1145/362686.362692]
	4	Vern Paxson, End-to-end internet packet dynamics, IEEE/ACM Transactions on Networking (TON), v.7 n.3, p.277-292, June 1999 [doi>10.1109/90.779192]
	5	C. Shannon, D. Moore, and K. Claffy, "Characteristics of fragmented IP traffic on Internet links," presented at the RIPE Workshop Passive and Active Measurements, Amsterdam, The Netherlands, Apr. 2001.
	6	Vern Paxson, An analysis of using reflectors for distributed denial-of-service attacks, ACM SIGCOMM Computer Communication Review, v.31 n.3, July 2001 [doi>10.1145/505659.505664]
	7	F. Baker, "Requirements for IP version 4 routers," IETF, RFC 1812, June 1995.
	8	S. McCreary and K. Claffy, "Trends in wide area IP traffic patterns: A view from Ames Internet exchange," presented at the ITC Specialist Seminar IP Traffic Modeling, Measurement and Management, Monterey, CA, Sept. 2000.
	9	Hal Burch, Tracing Anonymous Packets to Their Approximate Source, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
	10	Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Network support for IP traceback, IEEE/ACM Transactions on Networking (TON), v.9 n.3, p.226-237, June 2001 [doi>10.1109/90.929847]
	11	S. M. Bellovin, M. Leech, and T. Taylor, "ICMP traceback messages," IETF, Internet Draft, draft-ietf-itrace-01.txt (work in progress), Oct. 2001.
	12	D. X. Song and A. Perrig, "Advanced and authenticated marking schemes for IP traceback," in Proc. IEEE Infocom'01, Apr. 2001, pp. 878-886.
	13	A. Mankin, D. Massey, C.-L. Wu, S. F. Wu, and L. Zhang, "On design and evaluation of 'intention-driven' ICMP traceback," in Proc. IEEE Int. Conf. Computer Communications and Networks, Oct. 2001, pp. 159-165.
	14	G. Sager. "Security fun with OCxmon and cflowd", presented at Internet 2 Working Group Meeting. {Online}. Available: http://www.caida.org/projects/NGI/content/security/1198.
	15	D. Schnackenberg, K. Djahandari, and D. Sterne, "Infrastructure for intrusion detection and response," in Proc. First DARPA Information Survivability Conf. Exposition, vol. 2, Jan. 2000, pp. 1003-1011.
	16	R. Stone, "CenterTrack: An IP overlay network for tracking DoS floods," in Proc. USENIX Security Symp., July 2000, pp. 199-212.
	17	N. G. Duffield , M. Grossglauser, Trajectory sampling for direct traffic observation, Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, p.271-282, August 28-September 01, 2000, Stockholm, Sweden
	18	Li Fan , Pei Cao , Jussara Almeida , Andrei Z. Broder, Summary cache: a scalable wide-area web cache sharing protocol, IEEE/ACM Transactions on Networking (TON), v.8 n.3, p.281-293, June 2000 [doi>10.1109/90.851975]
	19	L. Carter and M. Wegman, "Universal classes of hash functions," J. Comput. Syst. Sci., vol. 18, no. 2, pp. 143-154, 1979.
	20	John Black , Shai Halevi , Hugo Krawczyk , Ted Krovetz , Phillip Rogaway, UMAC: Fast and Secure Message Authentication, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, p.216-233, August 15-19, 1999
	21	Shai Halevi , Hugo Krawczyk, MMH: Software Message Authentication in the Gbit/Second Rates, Proceedings of the 4th International Workshop on Fast Software Encryption, p.172-189, January 20-22, 1997
	22	Hugo Krawczyk, LFSR-based Hashing and Authentication, Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology, p.129-139, August 21-25, 1994
	23	J. Postel, "Internet protocol," IETF, RFC 791, Sept. 1981.
	24	____, "Internet control message protocol," IETF, RFC 792, Sept. 1981.
	25	R. Rivest, "The MD5 message-digest algorithm," IETF, RFC 1321, Apr. 1992.
	26	L. A. Sanchez, W. C. Milliken, A. C. Snoeren, F. Tchakountio, C. E. Jones, S. T. Kent, C. Partridge, and W. T. Strayer, "Hardware support for a hash-based IP traceback," in Proc. Second DARPA Information Survivability Conf. Exposition, vol. 2, June 2001, pp. 146-152.
	27	C. Fraleigh, C. Diot, B. Lyles, S. Moon, P. Owezarski, D. Papagiannaki, and F. Tobagi, "Design and deployment of a passive monitoring infrastructure," presented at the RIPE Workshop Passive and Active Measurements, Amsterdam, The Netherlands, Apr. 2001.
	28	Donald Ervin Knuth, The Art of Computer Programming, 2nd Ed. (Addison-Wesley Series in Computer Science and Information, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1978

CITED BY 44

	Minho Sung , Jun Xu , Jun Li , Li Li, Large-scale IP traceback in high-speed internet: practical techniques and information-theoretic foundation, IEEE/ACM Transactions on Networking (TON), v.16 n.6, p.1253-1266, December 2008
	Udaya Kiran Tupakula , Vijay Varadharajan, Analysis of traceback techniques, Proceedings of the 2006 Australasian workshops on Grid computing and e-research, p.115-124, January 16-19, 2006, Hobart, Tasmania, Australia
	Marios S. Andreou , Aad van Moorsel, Logging based IP Traceback in switched ethernets, Proceedings of the 1st European workshop on system security, March 31-31, 2008, Glasgow, Scotland
	S. Malliga , A. Tamilarasi, A proposal for new marking scheme with its performance evaluation for IP traceback, WSEAS Transactions on Computer Research, v.3 n.4, p.259-272, April 2008
	Mehmet H. Gunes , Sevcan Bilir , Kamil Sarac , Turgay Korkmaz, A measurement study on overhead distribution of value-added internet services, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.14, p.4153-4173, October, 2007
	Min Cai , Jianping Pan , Yu-Kwong Kwok , Kai Hwang, Fast and accurate traffic matrix measurement using adaptive cardinality counting, Proceeding of the 2005 ACM SIGCOMM workshop on Mining network data, August 26-26, 2005, Philadelphia, Pennsylvania, USA
	Chun-Hsin Wang , Chang-Wu Yu , Chiu-Kuo Liang , Kun-Min Yu , Wen Ouyang , Ching-Hsien Hsu , Yu-Guang Chen, Tracers placement for IP traceback against DDoS attacks, Proceeding of the 2006 international conference on Communications and mobile computing, July 03-06, 2006, Vancouver, British Columbia, Canada
	Jun Li , Jelena Mirkovic , Toby Ehrenkranz , Mengqiu Wang , Peter Reiher , Lixia Zhang, Learning the valid incoming direction of IP packets, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.52 n.2, p.399-417, February, 2008
	Erol Gelenbe , George Loukas, A self-aware approach to denial of service defence, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.5, p.1299-1314, April, 2007
	Hassan Aljifri, IP Traceback: A New Denial-of-Service Deterrent?, IEEE Security and Privacy, v.1 n.3, p.24-31, May 2003
	Udaya Kiran Tupakula , Vijay Varadharajan , Srini Rao Pandalaneni, DoSTRACK: a system for defending against DoS attacks, Proceedings of the 2009 ACM symposium on Applied Computing, March 08-12, 2009, Honolulu, Hawaii
	Mark Allman , Ethan Blanton , Vern Paxson, An architecture for developing behavioral history, Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop, p.7-7, July 07, 2005, Cambridge, MA
	Gu Hsin Lai , Chia-Mei Chen , Bing-Chiang Jeng , Willams Chao, Ant-based IP traceback, Expert Systems with Applications: An International Journal, v.34 n.4, p.3071-3080, May, 2008
	Shigang Chen , Qingguo Song, Perimeter-Based Defense against High Bandwidth DDoS Attacks, IEEE Transactions on Parallel and Distributed Systems, v.16 n.6, p.526-537, June 2005
	Craig Partridge, 10 papers for the Ph.D. student in networking, ACM SIGCOMM Computer Communication Review, v.37 n.2, April 2007
	S. Malliga , A. Tamilarasi, Collaborative Framework for Detection, Prevention, and Traceback of Flooding Attacks Using Marking and Filtering, Information Security Journal: A Global Perspective, v.18 n.2, p.74-86, January 2009
	Chwan Hwa John Wu , Tong Liu, Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS), Proceedings of the 2008 Spring simulation multiconference, April 14-17, 2008, Ottawa, Canada
	Seung Jun , Mark Astley, Low-overhead message tracking for distributed messaging, Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware, November 01-01, 2006, Melbourne, Australia
	Jenshiuh Liu , Zhi-Jian Lee , Yeh-Ching Chung, Dynamic probabilistic packet marking for efficient IP traceback, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.3, p.866-882, February, 2007
	Patrick Verkaik , Oliver Spatscheck , Jacobus Van der Merwe , Alex C. Snoeren, PRIMED: community-of-interest-based DDoS mitigation, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.147-154, September 11-15, 2006, Pisa, Italy
	Taieb Znati , James Amadei , Daniel R. Pazehoski , Scott Sweeny, Design and Analysis of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID Environments, Proceedings of the 39th annual Symposium on Simulation, p.2-9, April 02-06, 2006
	Andrey Belenky , Nirwan Ansari, On deterministic packet marking, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.10, p.2677-2700, July, 2007
	Mikhail Afanasyev , David G. Andersen , Alex C. Snoeren, Efficiency through eavesdropping: link-layer packet caching, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.105-118, April 16-18, 2008, San Francisco, California
	Andrew L. Burt , Michael Darschewski , Indrajit Ray , Ramakrishna Thurimella , Hailin Wu, Origins: an approach to trace fast spreading worms to their roots, International Journal of Security and Networks, v.3 n.1, p.36-46, December 2008
	Alex C. Snoeren , Barath Raghavan, Decoupling policy from mechanism in Internet routing, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004
	Edmund L. Wong , Praveen Balasubramanian , Lorenzo Alvisi , Mohamed G. Gouda , Vitaly Shmatikov, Truth in advertising: lightweight verification of route integrity, Proceedings of the twenty-sixth annual ACM symposium on Principles of distributed computing, August 12-15, 2007, Portland, Oregon, USA
	Flavio Bonomi , Michael Mitzenmacher , Rina Panigrah , Sushil Singh , George Varghese, Beyond bloom filters: from approximate membership checks to approximate state machines, ACM SIGCOMM Computer Communication Review, v.36 n.4, October 2006
	Hiroshi Tsunoda , Kohei Ohta , Atsunori Yamamoto , Nirwan Ansari , Yuji Waizumi , Yoshiaki Nemoto, Detecting DRDoS attacks by a simple response packet confirmation mechanism, Computer Communications, v.31 n.14, p.3299-3306, September, 2008
	Turgay Korkmaz , Chao Gong , Kamil Sarac , Sandra G. Dykes, Single packet IP traceback in AS-level partial deployment scenario, International Journal of Security and Networks, v.2 n.1/2, p.95-108, March 2007
	Jianping Pan , Lin Cai , Xuemin Sherman Shen, Vulnerabilities in distance-indexed IP traceback schemes, International Journal of Security and Networks, v.2 n.1/2, p.81-94, March 2007
	Jerry Chou , Bill Lin , Subhabrata Sen , Oliver Spatscheck, Minimizing collateral damage by proactive surge protection, Proceedings of the 2007 workshop on Large scale attack defense, August 27-27, 2007, Kyoto, Japan
	Hikmat Farhat, Protecting TCP services from denial of service attacks, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.155-160, September 11-15, 2006, Pisa, Italy
	Taieb Znati , James Amadei , Daniel R. Pazehoski , Scott Sweeny, On the Design and Performance of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID and Collaborative Workflow Environments, Simulation, v.83 n.3, p.291-303, March 2007
	Zhiqiang Gao , Nirwan Ansari, A practical and robust inter-domain marking scheme for IP traceback, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.3, p.732-750, February, 2007
	David G. Andersen, Mayday: distributed filtering for internet services, Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems, p.3-3, March 26-28, 2003, Seattle, WA
	André O. Castelucio , Ronaldo M. Salles , Artur Ziviani, Evaluating the partial deployment of an AS-level IP traceback system, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
	Jerry Chou , Bill Lin , Subhabrata Sen , Oliver Spatscheck, Proactive surge protection: a defense mechanism for bandwidth-based attacks, Proceedings of the 17th conference on Security symposium, p.123-138, July 28-August 01, 2008, San Jose, CA
	Christian Henke , Carsten Schmoll , Tanja Zseby, Empirical evaluation of hash functions for multipoint measurements, ACM SIGCOMM Computer Communication Review, v.38 n.3, July 2008
	Soon Hin Khor , Nicolas Christin , Tina Wong , Akihiro Nakao, Power to the people: securing the internet one edge at a time, Proceedings of the 2007 workshop on Large scale attack defense, August 27-27, 2007, Kyoto, Japan
	Barath Raghavan , Alex C. Snoeren, A system for authenticated policy-compliant routing, ACM SIGCOMM Computer Communication Review, v.34 n.4, October 2004
	Yang Xiang , Wanlei Zhou, Protecting information infrastructure from DDoS attacks by MADF, International Journal of High Performance Computing and Networking, v.4 n.5/6, p.357-367, May 2006
	Tan Apaydin , Guadalupe Canahuate , Hakan Ferhatosmanoglu , Ali Saman Tosun, Approximate encoding for direct access and query processing over compressed bitmaps, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
	Toby Ehrenkranz , Jun Li, On the state of IP spoofing defense, ACM Transactions on Internet Technology (TOIT), v.9 n.2, p.1-29, May 2009
	Sherif Khattab , Rami Melhem , Daniel Mossé , Taieb Znati, Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks, Journal of Parallel and Distributed Computing, v.66 n.9, p.1152-1164, September 2006

INDEX TERMS

Primary Classification:
C. Computer Systems Organization
C.2 COMPUTER-COMMUNICATION NETWORKS
C.2.2 Network Protocols

Nouns: IP

Additional Classification:
C. Computer Systems Organization
C.2 COMPUTER-COMMUNICATION NETWORKS
C.2.1 Network Architecture and Design
Subjects: Packet-switching networks
C.2.3 Network Operations
Subjects: Network management
C.4 PERFORMANCE OF SYSTEMS
Subjects: Fault tolerance

General Terms:
Algorithms, Performance, Reliability

Keywords:
IP traceback, computer network management, computer network security, denial of service (DoS), network fault diagnosis, wide-area networks (WANs)

Collaborative Colleagues:

Alex C. Snoeren: colleagues

Craig Partridge: colleagues

Luis A. Sanchez: colleagues

Christine E. Jones: colleagues

Fabrice Tchakountio: colleagues

Beverly Schwartz: colleagues

Stephen T. Kent: colleagues

W. Timothy Strayer: colleagues

Peer to Peer - Readers of this Article have also read:

Web application security assessment by fault injection and behavior monitoring Proceedings of the 12th international conference on World Wide Web
Yao-Wen Huang , Shih-Kun Huang , Tsung-Po Lin , Chung-Hung Tsai
Data structures for quadtree approximation and compression Communications of the ACM 28, 9
Hanan Samet
A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
Kim S. Lee , Huizhu Lu , D. D. Fisher
An intelligent component database for behavioral synthesis Proceedings of the 27th ACM/IEEE Design Automation Conference on
Gwo-Dong Chen , Daniel D. Gajski
The GemStone object database management system Communications of the ACM 34, 10
Paul Butterworth , Allen Otis , Jacob Stein

Adobe Acrobat

QuickTime

Windows Media Player

Real Player