Acta Metallurgica Sinica(English letters) ›› 2008, Vol. 15 ›› Issue (3): 51-58.doi:

• Wireless • Previous Articles     Next Articles

Packet track and traceback mechanism against denial of service attacks

LI Li, SHEN Su-bin   

  1. Institute of Information Network Technology, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
  • Received:2007-09-08 Revised:1900-01-01 Online:2008-09-30

Abstract:

The denial of service attack is a main type of threat on the Internet today. On the basis of path identification (Pi) and Internet control message protocol (ICMP) traceback (iTrace) methods, a packet track and traceback mechanism is proposed, which features rapid response and high accuracy. In this scheme, routers apply packet marking scheme and send traceback messages, which enables the victim to design the path tree in peace time. During attack times the victim can trace attackers back within the path tree and perform rapid packet filtering using the marking in each packet. Traceback messages overcome Pi’s limitation, wherein too much path information is lost in path identifiers; whereas path identifiers can be used to expedite the design of the path-tree, which reduces the high overhead in iTrace. Therefore, our scheme not only synthesizes the advantages but also compromises the disadvantages of the above two methods. Simulation results with NS-2 show the validity of our scheme.

Key words:

denial of service (DoS) attack;traceback;packet marking;Pi