IPv6 Traceback Using Policy Based Management System

Most of the cyber attacks use spoofed IP packets to cast an attack. The stateless nature of IP makes it nearly impossible to identify the true source(s) of these attacks. With the help of IP traceback techniques, we try to identifying the true source of an IP datagram in Internet. While many IP traceback techniques have been proposed, but most of the previous studies focus and offer solutions for DDoS attacks done on IPv4 environment. IPv4 and IPv6 Networks differ greatly from each other, for instance, absence of the Option field in basic IPv6 header. Thus, the mechanisms of IP Traceback for IPv4 networks may not apply to IPv6 networks. In this paper, we extend our previous work i.e. PPM for IPv6 and remove its drawback by using Policy Based IP Traceback (PBIT) mechanism. We also discuss problems related to previously proposed IPv4 traceback schemes and practical subtleties in implementing traceback techniques for IPv6 networks. *

[1]  Andrea Westerinen,et al.  Terminology for Policy-Based Management , 2001, RFC.

[2]  Micah Adler Tradeoffs in probabilistic packet marking for IP traceback , 2002, STOC '02.

[3]  Marcel Waldvogel,et al.  GOSSIB vs. IP traceback rumors , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[4]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[5]  Nirwan Ansari,et al.  On IP traceback , 2003, IEEE Commun. Mag..

[6]  Hassan Aljifri,et al.  IP Traceback: A New Denial-of-Service Deterrent? , 2003, IEEE Secur. Priv..

[7]  Stephen Deering,et al.  Internet Protocol Version 6(IPv6) , 1998 .

[8]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[9]  Stephen E. Deering,et al.  Internet Protocol, Version 6 (IPv6) Specification , 1995, RFC.

[10]  Syed Obaid Amin,et al.  A Lightweight IP Traceback Mechanism on IPv6 , 2006, EUC Workshops.

[11]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[12]  Heejo Lee,et al.  On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[13]  Nirwan Ansari,et al.  Tracing multiple attackers with deterministic packet marking (DPM) , 2003, 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003) (Cat. No.03CH37490).

[14]  W.T. Strayer,et al.  SPIE-IPv6: single IPv6 packet traceback , 2004, 29th Annual IEEE International Conference on Local Computer Networks.