Affecting IP traceback with recent Internet topology maps

Martins, Olawale
Journal Title
Journal ISSN
Volume Title
Research Projects
Organizational Units
Journal Issue

Computer network attacks are on the increase and are more sophisticated in today's network environment than ever before. One step in tackling the increasing spate of attacks is the availability of a system that can trace attack packets back to their original sources irrespective of invalid or manipulated source addresses. IP Traceback is one of such methods, and several schemes have already been proposed in this area. Notably though, no traceback scheme is in wide use today due to reasons including a lack of compatibility with existing network protocols and infrastructure, as well as the high costs of deployment. Recently, remarkable progress has been made in the area of Internet topology mappings and more detailed and useful maps and metrics of the Internet are being made available to the corporate and academic research communities. This thesis introduces a novel use of these maps to influence IP Traceback in general, and packet marking schemes in particular. We note that while other schemes have previously taken advantage of such maps, most of these have viewed the maps from the available router node level. We take a novel router-aggregation node view of the Internet and explore ways to use this to make improvements to packet marking schemes and solving the problem of the limited space available in the current IP header for marking purposes. We evaluate our proposed schemes using real network paths traversed by several traceroute packets from diverse sources and to various destinations, and compare our results to other packet marking schemes. Finally, we explore the possibility of partial deployment of one of our schemes and estimate the probability of success at different stages of deployment.

Electrical and computer engineering, Computer engineering, Information assurance