Abstract
In any Distributed Denial of Service (DDoS) attack, invaders may use incorrect or spoofed Internet Protocol (IP) addresses in the attacking packets and thus disguise the actual origin of the attacks. This is primarily due to the stateless nature of the Internet. IP traceback algorithms provide mechanisms for identifying the true source of an IP datagram on the Internet ensuring at least the accountability of cyber attacks. While many IP traceback techniques have been proposed, most of the previous studies focus and offer solutions for DDoS attacks done on Internet Protocol version 4 (IPv4) environment. IPv4 and IPv6 networks differ greatly from each other, which urge the need of traceback techniques specifically tailored for IPv6 networks. In this paper, we propose a novel traceback architecture for IPv6 networks using Common Open-Policy Service and a novel packet-marking scheme. We also provide complete underlying protocol details required for traceback support in IPv6 networks. The proposed architecture is on demand and only single packet is required to traceback the attack.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Belenky A, Ansari N (2003) Tracing multiple attackers with deterministic packet marking (DPM). In: PACRIM 2003, 49–52, Aug
Belenky A, Ansari N (2003) IP traceback with deterministic packet marking IEEE Commun Lett 7(4):162–164
Savage S, Wetherall D, Karlin A, Anderson T (2001) Network support for IP traceback. IEEE/ACM Trans Net 9(3):226–37, June
Belenky A, Ansari N (2003) On IP traceback. IEEE Commun Mag 41(7):142–153, July
Mankin A, Massey D, Wu C, Wu S, Zhang L (2001) On design and evaluation of ‘intention-driven’ ICMP traceback. In: ICCCN Oct 2001, pp. 159–165
Snoeren AC, Partridge C, Sanches LA, Jones CE, Tchakountio F, Kent ST, Strayer WT (2002) Single-packet IP traceback. ACM/IEEE Trans Netw 10(6):721–734
Waldvogel M (2002) GOSSIB vs. IP traceback rumors. In: 18th Annual Computer Security Applications Conference (ACSAC 2002), pp. 5–13
Deering S, Hinden R (1998) Internet protocol, version 6 (IPv6) specification. RFC 2460. IETF, Fremont, Dec
Convery S, Miller D (2004) IPv6 and IPv4 Threat Comparison and Best-Practice Evaluation (v1.0). http://www.cisco.com/web/about/security/security_services/ciag/documents/v6-v4-threats.pdf
Westerinen A, Schnizlein J, Strassner J, Scherling M, Quinn B, Herzog S, Huynh A, Carlson M, Perry J, Waldbusse S (2001) Terminology for policy-based management, RFC3198. IETF Fremont, Nov
Mirkovic J, Reiher P (2004) A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, April
Kent S, Atinkson R, Black D (1998) IP authentication header, RFC 2402. IETF, Fremont, Nov
Gong C, Le T, Korkmaz T, Sarac K (2005) Single Packet IP Traceback in AS-level Partial Deployment Scenario. In: IEEE GLOBECOM Nov 2005
Carpenter B, Moore K (2001) Connection of IPv6 domains via IPv4 clouds, RFC 3056. IETF, Fremont, Feb
Durand A, Fasano P, Lento D (2001) IPv6 tunnel broker, RFC 3053. IETF, Fremont, Jan
Conta A, Deering S (1998) General packet tunneling in IPv6 specification, RFC 2473. IETF, Fremont, Dec
Durham D, Boyle J, Cohen R, Herzog S, Rajan R, Sastry A (2000) The COPS (Common Open Policy Service) protocol, RFC 2748. IETF, Fremont, Jan
Song B, Heo J, Hong CS (2007) Collaborative defense mechanism using statistical detection method against DDoS attacks. IEICE Trans Commun E90-B(10):2655–2664, Oct 1
Barabasi AL, Albert R (1999) Emergence of scaling in random networks. Science 286:509–512, Oct
Korkmaz T, GongC, Sarac K, Dykes SG (2007) Single packet IP traceback in AS-level partial deployment scenario IJSN 2(1/2):95–108
Strayer WT, Jones CE, Tchakountio F, Hain RR (2004) SPIE-IPv6: single IPv6 packet traceback. In: 29th Annual IEEE International Conference on Local Computer Networks 2004 Nov, pp. 118–125
Acknowledgements
This research was supported by MIC under the ITRC support program supervised by the IITA “(IITA-2007-(C1090–0701–0016))”. And Dr. CS Hong is the corresponding author.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Amin, S.O., Siddiqui, M.S. & Hong, C.S. A novel IPv6 traceback architecture using COPS protocol. Ann. Telecommun. 63, 207–221 (2008). https://doi.org/10.1007/s12243-008-0018-5
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12243-008-0018-5