Tracing the True Source of an IPv6 Datagram Using Policy Based Management System

In any (D)DoS attack, invaders may use incorrect or spoofed IP addresses in the attacking packets and thus disguise the factual origin of the attacks. Due to the stateless nature of the internet, it is an intricate problem to determine the source of these spoofed IP packets. This is where; we need the IP traceback mechanism i.e. identifying the true source of an IP datagram in internet. While many IP traceback techniques have been proposed, but most of the previous studies focus and offer solutions for DDoS attacks done on IPv4 environment. Significant differences exist between the IPv4 and IPv6 Networks for instance, absence of option in basic IPv6 header. Thus, the mechanisms of IP Traceback for IPv4 networks may not be applied to IPv6 networks. In this paper, we extended our previous work i.e. PPM for IPv6 and removed its drawback by using Policy Based IP Traceback (PBIT) mechanism. We also discussed problems related to previously proposed IPv4 traceback schemes and practical subtleties in implementing traceback techniques for IPv6 networks.

[1]  Stephen Deering,et al.  Internet Protocol Version 6(IPv6) , 1998 .

[2]  Heejo Lee,et al.  On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[3]  Andrea Westerinen,et al.  Terminology for Policy-Based Management , 2001, RFC.

[4]  Marcel Waldvogel,et al.  GOSSIB vs. IP traceback rumors , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[5]  Nirwan Ansari,et al.  On IP traceback , 2003, IEEE Commun. Mag..

[6]  Syed Obaid Amin,et al.  A Lightweight IP Traceback Mechanism on IPv6 , 2006, EUC Workshops.

[7]  Yi Mu,et al.  Emerging Directions in Embedded and Ubiquitous Computing , 2006 .

[8]  Micah Adler Tradeoffs in probabilistic packet marking for IP traceback , 2002, STOC '02.

[9]  Hassan Aljifri,et al.  IP Traceback: A New Denial-of-Service Deterrent? , 2003, IEEE Secur. Priv..

[10]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[11]  W.T. Strayer,et al.  SPIE-IPv6: single IPv6 packet traceback , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[12]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[13]  Stephen E. Deering,et al.  Internet Protocol, Version 6 (IPv6) Specification , 1995, RFC.

[14]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).