Strategies for Tracking Individual IP Packets Towards DDoS
Peter Hillmann, Frank Tietze, Gabi Dreo Rodosek
TL;DR
The paper addresses the challenge of tracing DDoS traffic by introducing Tracemax, a cooperative packet-marking approach that injects compact IDs into the IP header to record a packet’s path across many hops. A reconstruction process at the destination maps the ID sequence to the actual network path, enabling rapid defense actions and forensic analysis without revealing private topology. The approach demonstrates the ability to trace over 50 hops for a single packet with minimal payload impact and low overhead, supporting early warning and attack localization. This work offers a practical, scalable solution for DDoS traceback and network forensics, with potential deployment as an RFC and considerations for IPv6 and MPLS interworking.
Abstract
Identifying the exact path along which packets are routed in a network is quite a challenge. This paper presents a novel, efficient traceback strategy in combination with a defence system against distributed denial of service (DDoS) attacks named Tracemax. A single packet can be directly traced over many more hops than existing techniques allow. It lets good connections pass while bad ones get thwarted. Initiated by the victim, the routers in the network cooperate in tracing and become automatically self-organised and self-managed. The novel concept supports analyses of packet flows and transmission paths in a network infrastructure. It can effectively reduce the effect of common bandwidth and resource consumption attacks and, in addition, foster early warning and prevention.
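The marking and reconstruction steps summarised above, as an added sketch that is not code from the paper: each router appends a small, locally unique ID for the interface a packet arrived on, and the destination walks the ID sequence backwards through a topology map. The 6-bit ID width, the 40-byte marking field (the size of the IPv4 options area), the topology and all names are assumptions of this example.

```python
ID_BITS = 6                       # assumed ID width, not a figure from the paper
FIELD_BITS = 40 * 8               # assumed marking field: size of the IPv4 options area
MAX_HOPS = FIELD_BITS // ID_BITS  # IDs that fit in the field

# Constructed topology: router -> {local ingress ID: upstream neighbour}.
# IDs start at 1 and are unique only per router, so a marked packet alone
# reveals nothing about the topology without this map.
INGRESS = {
    "R_victim": {1: "R3", 2: "R4"},
    "R3": {1: "R1", 2: "R2"},
    "R4": {1: "R2"},
    "R1": {1: "host_A", 2: "host_B"},
    "R2": {1: "host_C"},
}

def mark(marks, router, came_from):
    """Router side: append the local ID of the interface the packet arrived on."""
    hops = -(-marks.bit_length() // ID_BITS)   # ceil; valid because IDs are >= 1
    if hops >= MAX_HOPS:
        raise OverflowError("marking field is full")
    for iface_id, neighbour in INGRESS[router].items():
        if neighbour == came_from:
            return (marks << ID_BITS) | iface_id
    raise ValueError(f"{router} has no interface towards {came_from}")

def forward(path):
    """Simulate a packet crossing `path` (source first) and return its marks."""
    marks = 0
    for prev, router in zip(path, path[1:]):
        marks = mark(marks, router, prev)
    return marks

def reconstruct(marks, last_router):
    """Destination side: walk the ID sequence backwards from the last router."""
    path, mask = [last_router], (1 << ID_BITS) - 1
    while marks:
        upstream = INGRESS.get(path[-1], {}).get(marks & mask)
        if upstream is None:
            raise ValueError("ID sequence does not match the topology map")
        path.append(upstream)
        marks >>= ID_BITS
    return path[::-1]

if __name__ == "__main__":
    m = forward(["host_C", "R2", "R4", "R_victim"])
    print(hex(m), reconstruct(m, "R_victim"), "capacity:", MAX_HOPS, "hops")
```

The most recently appended ID sits in the low bits, so the destination can start at its own edge router and resolve one hop per ID without any per-packet state in the network.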
