NS-2 Based IP Traceback Simulation Against Reflector Based DDoS Attack

  • Hyung-Woo Lee
  • Taekyoung Kwon
  • Hyung-Jong Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3397)


Reflector attack belongs to one of the most serious types of Distributed Denial-of-Service (DDoS) attacks, which can hardly be traced by traceback techniques, since the marked information written by any routers between the attacker and the reflectors will be lost in the replied packets from the reflectors. In response to such attacks, advanced IP traceback technology must be suggested. This study proposed a NS-2 based traceback system for simulating iTrace technique that identifies DDoS traffics with multi-hop iTrace mechanism based on TTL information at reflector for malicious reflector source trace. According to the result of simulation, the proposed technique reduced network load and improved filter/traceback performance on distributed reflector attacks.


NS-2 Reflector Attack DDoS IP Traceback Simulation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Elliott, J.: Distributed Denial of Service Attack and the Zombie and Effect . IP professional (March/April 2000)Google Scholar
  2. 2.
    Garber, L.: Denial-of-Service attacks trip the Internet. Computer, 12 (April 2000)Google Scholar
  3. 3.
    Belenky, A.: Nirwan Ansari,On IP Traceback. IEEE Communication Magazine, 142–153 (July 2003)Google Scholar
  4. 4.
    Baba, T., Matsuda, S.: Tracing Network Attacks to Their Sources. IEEE Internet Computing, 20–26 (March 2002)Google Scholar
  5. 5.
    Paxson, V.: An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks. ACM Comp. Commun. Rev. 31(3), 3–14 (2001)Google Scholar
  6. 6.
    Chang, R.K.C.: Defending against flooding-based distributed denial-of-service attacks: a tutorial. IEEE Communications Magazine 40(10), 42–51 (2002)CrossRefGoogle Scholar
  7. 7.
    Bellovin, S., Taylor, T.: ICMP Traceback Messages. RFC 2026, Internet Engineering Task Force (February 2003) Google Scholar
  8. 8.
    Barros, C.:[LONG] A Proposal for ICMP Traceback Messages (September 18) ( 2000),
  9. 9.
    Park, K., Lee, H.: On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. In: Proc. IEEE INFOCOM 2001. 2001, pp. 338–347 (2001)Google Scholar
  10. 10.
    Song, D.X., Perrig, A.: Advanced and AuthenticatedMarking Scheme for IP Traceback. Proc, Infocom 2, 878–886 (2001)Google Scholar
  11. 11.
    Fall, K.: ns notes and documentation. The VINT Project (2000) Google Scholar
  12. 12.
    Paxson, V.: An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks. In: ACM SIGCOMM, Computer Communication Review, pp. 38–47 (2001)Google Scholar
  13. 13.
    Floyd, S., Bellovin, S., Ioannidis, J., Kompella, k., Mahajan, R., Paxson, V.: Pushback Message for Controlling Aggregates in the Network, Internet Draft (2001) Google Scholar
  14. 14.
    Hussain, A., Heidemann, J., Papadopoulos, C.: A Framework for Classifying Denial of Service Attacks. In: SIGCOMM 2003, August 25-29, pp. 99–110 (2003)Google Scholar
  15. 15.
    Jin, C., Wang, H., Shin, K.G.: Hop-Counter Filtering: An Effective Defense Against Spoofed DDoS Traffic. In: CCS 2003, October 27-31, pp. 30–41 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Hyung-Woo Lee
    • 1
  • Taekyoung Kwon
    • 2
  • Hyung-Jong Kim
    • 3
  1. 1.Dept. of SoftwareHanshin UniversityOsan, GyunggiKorea
  2. 2.School of Computer EngineeringSejong UniversitySeoulKorea
  3. 3.Korea Information and Security AgencySeoulKorea

Personalised recommendations