This paper describes a technique for tracing anonymous packet flooding atta
cks in the Internet back toward their source. This work is motivated by the
increased frequency and sophistication of denial-of-service attacks and by
the difficulty in tracing packets with incorrect, or "spoofed," source add
resses. In this paper, we describe a general purpose traceback mechanism ba
sed on probabilistic packet marking in the network. Our approach allows a v
ictim to identify the network path(s) traversed by attack traffic without r
equiring interactive operational support from Internet Service Providers (I
SPs). Moreover, this traceback can be performed "post mortem"-after an atta
ck has completed. We present an implementation of this technology that is i
ncrementally deployable, (mostly) backward compatible, and can be efficient
ly implemented using conventional technology.