Practical network support for IP traceback
Frequently Asked Questions (16)
Q2. What are the future works in "Practical network support for IP traceback"?
Several areas remain to be addressed in future work, such as the combination of widely distributed attacks and points of indirection such as reflectors.
Q3. How many bits is reserved in the packet header?
A single static “node” field is reserved in the packet header – large enough to hold a single router address (i.e. 32 bits for IPv4).
Q4. How does the victim construct a candidate edge-id?
The victim constructs candidate edge-ids by combining all combinations of fragments at each distance with disjoint offset values.
Q5. How many samples must the receiver receive before it can receive a single packet?
For instance, if d and p , the receiver must receive more than 42,000 packets on average before it receives a single sample from the furthest router.
Q6. What is the reason why a packet may never be visible?
Since hosts can forge both their IP source address and MAC address, the origin of a packet may never be explicitly visible.
Q7. How many packets can be resolved with a high likelihood?
The authors see that most paths can be resolved with between one and two thousand packets, and even the longest paths can be resolved with a very high likelihood within four thousand packets.
Q8. How do the authors reduce the probability that a packet is a false edge id?
To reduce the probability that the authors accidentally reconstruct a “false” edge-id by combining fragments from different paths, the authors add a simple error detection code to their algorithm.
Q9. What are the main limitations of the node append algorithm?
The node append algorithm is both robust and extremely quick to converge (a single packet); however, it has several serious limitations.
Q10. How many packets are needed to reconstruct a path?
The number of packets needed to reconstruct each path is independent, so the number of packets needed to reconstruct all paths is a linear function of the number of attackers.
Q11. What does the distance field prevent an attacker from spoofing?
While the distance field prevents an attacker from spoofing edges between it and the victim – what the authors call the valid suffix – nothing prevents the attacker from spoofing extra edges past the end of the true attack path.
Q12. How many samples can be ranked by the number of routers?
Since this function is monotonic in the distance from the victim, ranking each router by the number of samples it contributes will tend to produce the accurate attack path.
Q13. How many trials can be used to reconstruct an ordered path?
Although it might seem impossible to reconstruct an ordered path given only an unordered collection of node samples, it turns out that with a sufficient number of trials, the order can be deduced from the relative number of samples per node.
Q14. How many bits are used to represent the edge fragment?
Figure 9 depicts their choice for partitioning the identification field: 3 offset bits to represent 8 possible fragments, 5 bits to represent the distance, and 8 bits for the edge fragment.
Q15. What is the solution for preserving the integrity of fragmented flows?
This solution increases the loss rate of fragmented flows somewhat (more substantially for longer paths) but preserves the integrity of the data in these flows.
Q16. How can the authors make a multi-party traceback algorithm?
The authors have shown that this class of algorithm, best embodied in edge sampling, can enable efficient and robust multi-party traceback that can be incrementally deployed and efficiently implemented.