Probabilistic packet marking (PPM) has been proposed for the identification of the source of a denial of service (DoS) attack (Savage, S. et al., Proc. ACM SIGCOM, p.295-305, 2000). PPM is based on marking packets with a fixed probability by all routers. However, using a fixed marking probability allows a large number of packets to reach the victim unmarked, which can be spoofed to impede traceback. Also, using a fixed marking probability, the victim receives fewer marked packets from routers further away from the victim, which increases the computational time needed for traceback. Hence, we study the adjusted probabilistic packet marking (APPM) scheme (Teo Peng et al., Proc. Networking, 2002), where variable marking probability is used so that the victim receives packets from all routers with equal probability. However, using the analysis similar to that of Kihomg Park and Heejo Lee (see Proc. IEEE INFOCOM, 2001) we show that APPM is also subject to spoofing of the marking field for smaller path lengths. A modified version of APPM is proposed that reduces unmarked packets reaching the victim and the computational time needed for traceback.
[1]
William Feller,et al.
An Introduction to Probability Theory and Its Applications
,
1967
.
[2]
Anna R. Karlin,et al.
Practical network support for IP traceback
,
2000,
SIGCOMM.
[3]
Michael T. Goodrich,et al.
Efficient packet marking for large-scale IP traceback
,
2002,
CCS '02.
[4]
Dawn Xiaodong Song,et al.
Advanced and authenticated marking schemes for IP traceback
,
2001,
Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).
[5]
Jerry R. Hobbs,et al.
An algebraic approach to IP traceback
,
2002,
TSEC.