Research Article
Across-Domain Deterministic Packet Marking for IP Traceback
@INPROCEEDINGS{10.1109/CHINACOM.2007.4469407, author={Guang Jin and Jiangang Yang and Wei Wei and Yabo Dong}, title={Across-Domain Deterministic Packet Marking for IP Traceback}, proceedings={2nd International ICST Conference on Communications and Networking in China}, publisher={IEEE}, proceedings_a={CHINACOM}, year={2008}, month={3}, keywords={Deterministic packet marking DoS IP traceback Internet security}, doi={10.1109/CHINACOM.2007.4469407} }- Guang Jin
Jiangang Yang
Wei Wei
Yabo Dong
Year: 2008
Across-Domain Deterministic Packet Marking for IP Traceback
CHINACOM
IEEE
DOI: 10.1109/CHINACOM.2007.4469407
Abstract
Among IP traceback techniques, deterministic packet marking (DPM) can locate the ingress border routers of destination domains with sound effectiveness and robustness. Yet DPM is inefficient to trace to attack origins of remote domains. A novel mechanism, across-domain deterministic packet marking (ADDPM), for IP traceback is proposed. It uses the 30-bit space in IP header reserved for fragmented traffic. Three deterministic markings are recorded into a packet at both the ingress router of source domain and the border router of destination domain respectively. Besides the both routers’ IP addresses, the source AS number is also marked. The victim can trace to the remote attack origin by the markings. Deterministic markings can also be used to differentiate malicious packets. Theoretical analyses, deployment policies and simulation results are provided in detail and show the effectiveness of ADDPM.