Network support for IP traceback

This paper describes a technique for tracing anonymous packet flooding atta cks in the Internet back toward their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed," source add resses. In this paper, we describe a general purpose traceback mechanism ba sed on probabilistic packet marking in the network. Our approach allows a v ictim to identify the network path(s) traversed by attack traffic without r equiring interactive operational support from Internet Service Providers (I SPs). Moreover, this traceback can be performed "post mortem"-after an atta ck has completed. We present an implementation of this technology that is i ncrementally deployable, (mostly) backward compatible, and can be efficient ly implemented using conventional technology.