DLLT: distributed link list traceback

Denial of Service (DoS) attacks represent a major threat to the availability of Internet services. Identifying the sources of these attacks is considered an important step toward a DoS-free Internet. In this poster, we propose a new scheme, called Distributed Link-List Traceback (DLLT), which combines the good features of probabilistic packet marking (PPM) and Hash-based traceback. The scheme is based on a novel concept called distributed link list (DLL), in which we keep track of some of the routers that were involved in forwarding certain packet by establishing a temporary link between them in a distributed manner. DLL is based on "store, mark and forward" approach. A single marking field is allocated in each packet. Any router that decides to mark the packet, stores the current IP address found in the marking field along with the packet ID in a special data structure called Marking Table maintained at the router, then marks the packet by overwriting the marking field by its own IP address, and then forwards the packet as usual. Any router that decides not to mark the packet just forwards it. Our studies show that the proposed scheme requires small number of packets, adjustable amount of memory. At the same time, offers high attack source detection percentage.