Abstract
Distributed Denial of Service Attack continues to plague the world. Defense against the DDoS attacks gets complicated due to IP spoofing. We propose a new packet marking technique PT (called Path Tracer) which imprints the fingerprint of the path taken by attack traffic in each packet, thereby enabling the victim to identify the attack traffic on per packet basis even in presence of IP Spoofing. Our Packet Marking Technique has many unique features. It helps the victim to proactively filter out the attack packets based on the unique path mark. A single packet contains information about complete attack path. The marking algorithm is very simple. Our approach does not create overhead in the packet and it does not require any extra storage. Analysis of our scheme proves the effectiveness of PT in filtering out DDoS traffic while allowing the legitimate traffic to be processed normally.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Practical Network Support for IP Traceback. In: Proceedings of the 2000 ACM SIGCOMM Conference (August 2000)
Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Schwartz, B., Kent, S.T., Strayer, W.T.: Single-packet IP traceback. IEEE/ACM Transactions on Networking (ToN) 10(6) (December 2002)
Abraham, Y., Adrian, P., Dawn, S.: Pi: A Path Identification Mechanism to Defend Against DDoS Attacks. In: IEEE Symposium on Security and Privacy (May 2003)
Ansari, N., Belenky, A.: IP Traceback with Deterministic Packet Marking. IEEE Communication letters (April 2003)
Perrig, A., Yaar, A., Song, A.: StackPi: A New Defense Mechanism against IP Spoofing and DDoS Attacks, Technical Report, Carnegie Mellon University USA (2003)
Snoeren, A.C., Partridge, C.L., Sanchez, A., Jones, C.E., Tchakountio, F.S., Kent, T., Strayer, W.T.: Hash-based IP traceback. In: ACM SIGCOMM (August 2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Saurabh, S., Sairam, A.S. (2011). PT: A Path Tracing and Filtering Mechanism to Defend against DDoS Attacks. In: Venugopal, K.R., Patnaik, L.M. (eds) Computer Networks and Intelligent Computing. ICIP 2011. Communications in Computer and Information Science, vol 157. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22786-8_42
Download citation
DOI: https://doi.org/10.1007/978-3-642-22786-8_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22785-1
Online ISBN: 978-3-642-22786-8
eBook Packages: Computer ScienceComputer Science (R0)