Implementing IP Traceback in the Internet — An ISP Perspective

ISBN 0-7803-9850-5 /$10.00  2002 IEEE Page 326 Abstract--Denial-of-Service (DoS) attacks consume the resources of remote hosts and the network in terms of buffers, processing power, and connections, thus denying or degrading the Internet services to legitimate users. Managed security service (MSS) has been developed to provide better network performance in addition to protect customers from being attacked. IP traceback is one of the most important features incorporated in MSS. Probabilistic packet marking, a promising IP traceback scheme, has received much attention in the past couple of years, owing to its desirable properties. In this paper, we discuss the implementation issues of IP traceback technology from an ISP perspective. We introduce a practical marking scheme, in which the marking edge is a label representing a router instead of the router’s IP address, and the marking probability is a function of the distance of the first trusted router on the attack path. To deal with spoofed marking, we also propose a hash-based scheme to validate the information in the marking field.