This paper describes a technique for tracing anonymous packet flooding atta
cks in the Internet back towards their source. This work is motivated by th
e increased frequency and sophistication of denial-of-service attacks and b
y the difficulty in tracing packets with incorrect, or "spoofed", source ad
dresses. In this paper we describe a general purpose traceback mechanism ba
sed on probabilistic packet marking in the network. Our approach allows a v
ictim to identify the network path(s) traversed by attack traffic without r
equiring interactive operational support from Internet Service Providers (I
SPs). Moreover, this traceback can be performed "post-mortem" - after an at
tack has completed. We present an implementation of this technology that is
incrementally deployable, (mostly) backwards compatible and can be efficie
ntly implemented using conventional technology.