Practical network support for IP traceback

This paper describes a technique for tracing anonymous packet flooding atta cks in the Internet back towards their source. This work is motivated by th e increased frequency and sophistication of denial-of-service attacks and b y the difficulty in tracing packets with incorrect, or "spoofed", source ad dresses. In this paper we describe a general purpose traceback mechanism ba sed on probabilistic packet marking in the network. Our approach allows a v ictim to identify the network path(s) traversed by attack traffic without r equiring interactive operational support from Internet Service Providers (I SPs). Moreover, this traceback can be performed "post-mortem" - after an at tack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backwards compatible and can be efficie ntly implemented using conventional technology.