Reflective Probabilistic Packet Marking Scheme for IP Traceback (特集: 新たな脅威に立ち向かうコンピュータセキュリティ技術) (original) (raw)

This paper describes the design and implementation of Reflective Probabilistic Packet Marking (RPPM) scheme, which is a traceback scheme against distributed denial-of-service (DDoS) attacks. Attacks include traffic laundered by reflectors which are sent false requests by attackers posing as a victim. Reflectors are among the hardest security problems on today's Internet. One promising solution to tracing the origin of attacks, the probabilistic packet marking (PPM) scheme, has proposed. However, conventional PPM cannot work against reflector attacks-reflector problem. Also, it encodes a mark into IP Identification field, this disables the use of ICMP-encoding problem. RPPM is a solution to both the reflector and encoding problem. We have extended PPM to render reflectors ineffectual by reflecting marking statistics of incoming packets at reflectors in order to trace the origin of the attacks. Furthermore, we have encoded a mark into the IP option field without reducing necessary information. Thus, RPPM can traceback beyond reflectors, ensures ICMP-compatibility, and eliminates possibility of failure in attack path reconstruction. Simulation results and our implementation based on Linux demonstrated that RPPM retains the semantics of conventional PPM on a path between an attacker and a reflector, and its performance is feasible for practice.