Record route IP traceback: Combating DoS attacks and the variants

The Internet introduces a variety of vulnerabilities that put the security and privacy of computer based systems under risk. One of the most perilous threats in the Internet is the Denial of Service (DoS) attack and its variants such as Distributed DoS (DDoS). In this work we propose a novel probabilistic packet marking scheme to infer forward paths from attacker sites to a victim site and enable the victim to delegate the defense to the upstream Internet Service Providers (ISPs). We exploit the record route feature of the IP protocol to implement our probabilistic packet marking scheme. Compared to the other techniques, our approach requires less many packets to construct the paths from attacker sites toward a victim site. Our results show that a victim site can construct the forward path from an attacker site after receiving 20.23 packets on the average under DoS attacks. Moreover, we construct the forward-paths graph from 5000 attacker sites toward the victim site by receiving 11.58 packets per attacker site, on the average.