Practical network support for IP traceback

被引：243

作者：

Savage, S ^{[1
]}

Wetherall, D ^{[1
]}

Karlin, A ^{[1
]}

Anderson, T ^{[1
]}

机构：

[1] Univ Washington, Dept Comp Sci & Engn, Seattle, WA 98195 USA

来源：

ACM SIGCOMM COMPUTER COMMUNICATION REVIEW | 2000年 / 30卷 / 04期

关键词：

D O I：

10.1145/347057.347560

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed", source addresses. In this paper we describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed "post-mortem" - after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backwards compatible and can be efficiently implemented using conventional technology.

引用

页码：295 / 306

页数：12

共 43 条

[1] [Anonymous], 1987, P ACM WORKSHOP FRONT
[2] [Anonymous], INTERNET PROTOCOL VE
[3] [Anonymous], 2000, ICMP TRACEBACK MESSA
[4] BAKER F, 1995, RFC1812
[5] Banga G, 1999, USENIX ASSOCIATION PROCEEDINGS OF THE THIRD SYMPOSIUM ON OPERATING SYSTEMS DESIGN AND IMPLEMENTATION (OSDI '99), P45
[6] Bellovin S. M., 1989, Computer Communication Review, V19, P32, DOI 10.1145/378444.378449
[7] Braden R., 1989, 1122 RFC
[8] BURCH H, 1999, UNPUB TRACING ANONYM
[9] CARTER R, 1997, P 1997 IEEE INFOCOM
[10] *CISC SYST, 1997, CONF TCP INT PREV DE

← 1 2 3 4 5 →