Abstract
The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet, making the defense against Distributed Denial of Service attacks one of the hardest problems on the Internet today. Previous solutions to this problem try to trace back to the exact origin of the attack by requiring every router's participation. For many reasons this requirement is impractical, and the victim ends up with only an approximate location of the attacker. Reconstruction of the whole path is also very difficult owing to the sheer size of the Internet.
This paper presents lightweight schemes for tracing back to the attack-originating AS instead of to the exact origin itself. Once the attack-originating AS is determined, all further routers in the path to the attacker are within that AS and under the control of a single entity, which can presumably monitor local traffic in a more direct way than a generalized, Internet-scale packet marking scheme can. We also provide a scheme to prevent compromised routers from forging markings.
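As an added illustration of the abstract's idea (example code, not the paper's scheme): each AS border router appends an (AS number, truncated HMAC) mark, and the victim discards marks it cannot authenticate before reading off the farthest verified AS as the attack-originating AS. The per-AS keys pre-shared with the victim, the 4-byte tag, the packet identifier and the private-use AS numbers are all assumptions constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo values: private-use AS numbers (RFC 6996 range) and
# per-AS keys assumed to be pre-shared with the victim (an assumption made
# for this illustration, not the paper's key-distribution design).
AS_KEYS = {64512: b"key-as64512", 64513: b"key-as64513", 64514: b"key-as64514"}
TAG_LEN = 4  # bytes of HMAC kept per mark, to mimic a small header field


def make_mark(asn, packet_id, key):
    """Border router of `asn` marks a packet with (asn, truncated HMAC)."""
    msg = asn.to_bytes(4, "big") + packet_id
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]
    return (asn, tag)


def mark_along_path(path, packet_id, keys):
    """Simulate a packet crossing the ASes in `path` (origin AS first);
    each AS appends its own authenticated mark."""
    return [make_mark(asn, packet_id, keys[asn]) for asn in path]


def verify_mark(mark, packet_id, keys):
    """Victim-side check: the mark must name a known AS and carry its tag."""
    asn, tag = mark
    if asn not in keys:
        return False
    _, expected = make_mark(asn, packet_id, keys[asn])
    return hmac.compare_digest(tag, expected)


def trace_origin_as(marks, packet_id, keys):
    """Return (origin_as, rejected_marks): the farthest authenticated mark
    identifies the attack-originating AS; marks that fail verification
    (e.g. inserted by a compromised router without the AS key) are rejected."""
    valid = [m for m in marks if verify_mark(m, packet_id, keys)]
    rejected = [m for m in marks if not verify_mark(m, packet_id, keys)]
    return (valid[0][0] if valid else None), rejected


if __name__ == "__main__":
    pid = b"\x00\x00\x00\x2a"  # constructed per-packet identifier
    honest = mark_along_path([64512, 64513, 64514], pid, AS_KEYS)
    print(trace_origin_as(honest, pid, AS_KEYS))  # (64512, [])
    # A compromised router prepends a mark blaming an AS whose key it lacks.
    forged = [(64599, b"\x00\x00\x00\x00")] + honest
    print(trace_origin_as(forged, pid, AS_KEYS))  # (64512, [(64599, b'\x00\x00\x00\x00')])
```

A router that strips or tampers with an upstream mark cannot be caught this way; the victim then sees only the nearest AS whose mark still verifies.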
Additional Information
Index Terms: traceback, DDoS, network security
Citation:
Vamsi Paruchuri, Arjan Durresi, Rajgopal Kannan, S. Sitharama Iyengar, "Authenticated Autonomous System Traceback," Proceedings of the 18th International Conference on Advanced Information Networking and Applications (AINA'04), Volume 1, p. 406, 2004.