Related Concepts

Attribution

Definition

Traceback is a term used for two different technologies: learning which machine has sent a particular packet or sequence of packets, and learning which person has initiated a particular connection. The latter is sometimes called attribution.

Background

Often, especially during certain Distributed Denial of Service (DDoS) attacks, it is desirable to learn which machines are participating in the attack. The goal might be to filter out packets from the offending machines, to contact their ISP or organization and have them filter the packets, to notify the owners of the machines, or to provide evidence to law enforcement or other legal authorities. In many cases, the source IP address is sufficient; in other cases, particularly during reflector attacks, the source IP address does not point to the perpetrator, and other mechanisms must be used. In addition, many early DDoS attacks used forged source addresses, precisely to avoid detection.

Theory

There are...

© 2011 Springer Science+Business Media, LLC

Cite this entry

Bellovin, S.M. (2011). IP Traceback. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_268
