Reflector Attack Traceback System with Pushback Based iTrace Mechanism

  • Hyung-Woo Lee
  • Sung-Hyun Yun
  • Taekyoung Kwon
  • Jae-Sung Kim
  • Hee-Un Park
  • Nam-Ho Oh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3269)


Reflector attack belongs to one of the most serious types of Distributed Denial-of-Service (DDoS) attacks, which can hardly be traced by traceback techniques, since the marked information written by any routers between the attacker and the reflectors will be lost in the replied packets from the reflectors. In response to such attacks, advanced IP traceback technology must be suggested. This study proposed an improved iTrace technique that identifies DDoS traffics with Pushback based multi-hop iTrace mechanism based on authenticated packet marking information at reflector for malicious reflector source trace and cope with DDoS attack packets efficiently.


Reflector Attack iTrace Authenticated Packet Marking 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Elliott, J.: Distributed Denial of Service Attack and the Zombie and Effect. IP professional (March/April 2000)Google Scholar
  2. 2.
    Garber, L.: Denial-of-Service attacks trip the Internet. Computer, p. 12 (April 2000)Google Scholar
  3. 3.
    Belenky, A., Ansari, N.: On IP Traceback. IEEE Communication Magazine, 142–153 (July 2003)Google Scholar
  4. 4.
    Baba, T., Matsuda, S.: Tracing Network Attacks to Their Sources. IEEE Internet Computing, 20–26 (March 2002)Google Scholar
  5. 5.
    Paxson, V.: An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks. ACM Comp. Commun. Rev. 31(3), 3–14 (2001)Google Scholar
  6. 6.
    Chang, R.K.C.: Defending against flooding-based distributed denial-of-service attacks: a tutorial. IEEE Communications Magazine 40(10), 42–51 (2002)CrossRefGoogle Scholar
  7. 7.
    Bellovin, S., Taylor, T.: ICMP Traceback Messages. RFC 2026, Internet Engineering Task Force (February 2003)Google Scholar
  8. 8.
    Ferguson, P., Senie, D.: Network ingress Filtering: Defeating denial of service attacks which employ IP source address spoofing, RFC 2827 (May 2000)Google Scholar
  9. 9.
    Park, K., Lee, H.: On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. In: Proc. IEEE INFOCOM 2001, pp. 338–347 (2001)Google Scholar
  10. 10.
    Song, D.X., Perrig, A.: Advanced and AuthenticatedMarking Scheme for IP Traceback. In: Proc. Infocom, vol. 2, pp. 878–886 (2001)Google Scholar
  11. 11.
    Floyd, S., Bellovin, S., Ioannidis, J., Kompella, K., Mahajan, R., Paxson, V.: Pushback Message for Controlling Aggregates in the Network. Internet Draft (2001)Google Scholar
  12. 12.
    Computer Emergency Response Team, TCP SYN flooding and IP Spoofing attacks, CERT Advisory CA-1996-21 (September 1996) Google Scholar
  13. 13.
    Paxson, V.: An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks. ACM SIGCOMM, Computer Communication Review, 38–47 (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Hyung-Woo Lee
    • 1
  • Sung-Hyun Yun
    • 2
  • Taekyoung Kwon
    • 3
  • Jae-Sung Kim
    • 4
  • Hee-Un Park
    • 4
  • Nam-Ho Oh
    • 4
  1. 1.Dept. of SoftwareHanshin UniversityOsan, GyunggiKorea
  2. 2.Div. of Information and Communication EngineeringCheonan UniversityChungnamKorea
  3. 3.School of Computer EngineeringSejong UniversitySeoulKorea
  4. 4.Korea Information Security AgencySeoulKorea

Personalised recommendations