file.pdf (184.6 kB)
Download fileFIT: Fast Internet Traceback
journal contribution
posted on 2005-01-01, 00:00 authored by Adrian Perrig, Abraham Yaar, Dawn SongAbstract— Traceback mechanisms are a critical part of
the defense against IP spoofing and DoS attacks, as well
as being of forensic value to law enforcement. Currently
proposed IP traceback mechanisms are inadequate to
address the traceback problem for the following reasons:
they require DDoS victims to gather thousands of packets to
reconstruct a single attack path; they do not scale to large
scale Distributed DoS attacks; and they do not support
incremental deployment.
We propose Fast Internet Traceback (FIT), a new packet
marking approach that significantly improves IP traceback
in several dimensions: (1) victims can identify attack paths
with high probability after receiving only tens of packets, a
reduction of 1–3 orders of magnitude compared to previous
packet marking schemes; (2) FIT performs well even in
the presence of legacy routers, allowing every FIT-enabled
router in path to be identified; and (3) FIT scales to large
distributed attacks with thousands of attackers. Compared
with previous packet marking schemes, FIT represents a
step forward in performance and deployability.