18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004. (2004)
Mar. 29, 2004 to Mar. 31, 2004
Vamsi Paruchuri , Louisiana State University
Arjan Durresi , Louisiana State University
Rajgopal Kannan , Louisiana State University
S. Sitharama Iyengar , Louisiana State University
The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet, which makes the defense against Distributed Denial of Service attacks one of the hardest problems on the Internet today. Previous solutions to this problem try to trace back to the exact origin of the attack by requiring every router's participation. For many reasons this requirement is impractical, and the victim ends up with only an approximate location of the attacker. Reconstruction of the whole path is also very difficult owing to the sheer size of the Internet.

This paper presents lightweight schemes for tracing back to the attack-originating AS instead of to the exact origin itself. Once the attack-originating AS is determined, all further routers in the path to the attacker are within that AS and under the control of a single entity, which can presumably monitor local traffic in a more direct way than a generalized, Internet-scale packet marking scheme can. We also provide a scheme to prevent compromised routers from forging markings.
traceback, DDoS, network security
V. Paruchuri, S. S. Iyengar, R. Kannan and A. Durresi, "Authenticated Autonomous System Traceback," 18th International Conference on Advanced Information Networking and Applications, 2004 (AINA 2004), Fukuoka, Japan, 2004, p. 406.
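To make the abstract's two ideas concrete, AS-level marking and markings that a compromised router cannot forge, here is an added illustration in Python. It is not the paper's scheme and not code from the authors: it assumes that each AS border router appends an (ASN, HMAC tag) mark to a packet, that the tag is bound to the flow and the mark's hop position, and that the verifier at the victim obtains the per-AS keys out of band. The AS numbers, keys and addresses are constructed sample values.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# Constructed per-AS marking keys (assumption: each AS border router holds its
# own key and the verifier obtains them out of band; the page does not specify
# how keys are managed).
AS_KEYS = {
    64500: b"constructed-key-as64500",
    64501: b"constructed-key-as64501",
    64502: b"constructed-key-as64502",
}

TAG_LEN = 8  # truncated HMAC tag carried in the marking field (assumed size)


@dataclass
class Packet:
    src: str
    dst: str
    marks: list = field(default_factory=list)  # (asn, tag) appended per AS hop


def _tag(key, asn, pkt, position):
    # Bind the mark to the AS number, the flow and its hop position so that a
    # router cannot reuse a mark seen on another packet or reorder the marks.
    msg = f"{asn}|{pkt.src}|{pkt.dst}|{position}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def mark_packet(pkt, asn, key):
    """Border router of `asn` appends an authenticated mark to the packet."""
    pkt.marks.append((asn, _tag(key, asn, pkt, len(pkt.marks))))
    return pkt


def verify_marks(pkt, keys=AS_KEYS):
    """Victim-side check: returns one (asn, authentic) pair per mark."""
    result = []
    for position, (asn, tag) in enumerate(pkt.marks):
        key = keys.get(asn)
        ok = key is not None and hmac.compare_digest(tag, _tag(key, asn, pkt, position))
        result.append((asn, ok))
    return result


def originating_as(pkt, keys=AS_KEYS):
    """Return the AS that marked the packet first (the attack-originating AS),
    or None if that first mark does not verify and must not be trusted."""
    checks = verify_marks(pkt, keys)
    if not checks or not checks[0][1]:
        return None
    return checks[0][0]


def forward_through(pkt, path, keys=AS_KEYS):
    """Honest path: every AS border router on `path` marks with its own key."""
    for asn in path:
        mark_packet(pkt, asn, keys[asn])
    return pkt


if __name__ == "__main__":
    honest = forward_through(Packet("10.0.0.7", "198.51.100.9"), [64500, 64501, 64502])
    print("honest marks:", verify_marks(honest))
    print("originating AS:", originating_as(honest))

    # A compromised router in AS 64501 inserts a mark naming AS 64500 without
    # holding AS 64500's key; the verifier sees the bad tag and refuses to
    # attribute the packet to AS 64500.
    forged = Packet("10.0.0.7", "198.51.100.9")
    mark_packet(forged, 64500, b"not-the-real-key")  # mark cannot verify
    mark_packet(forged, 64501, AS_KEYS[64501])
    mark_packet(forged, 64502, AS_KEYS[64502])
    print("forged marks:", verify_marks(forged))
    print("originating AS:", originating_as(forged))
```

The point of binding the hop position into the tag is that a router downstream cannot move an authentic mark from a later position to the first slot to shift blame; the verifier only reports an originating AS when the first mark checks out under that AS's own key, and otherwise reports nothing rather than an approximate or forged answer.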