Low Storage and Traceback Overhead IP Traceback System

Using IP spoofing, a person masquerades as another by falsifying source IP address and gains an illegitimate access. Denial of Service (DoS) is an attack that is launched to bring down a network by flooding it with useless traffic. This attack can be easily exploited by IP spoofing. To prevent DoS, it is necessary to determine the source of the attacks. IP traceback is a mechanism that attempts to reconstruct the path traversed by a packet to find the real source. Two predominant traceback mechanisms are packet marking and logging. Packet marking records the path information of the intermediate routers in the packet, which can then be used to reconstruct the path. Packet logging logs the packets at the intermediate routers. Hybridizing these two methods gives the benefits of both. This paper refines a hybrid IP traceback method, Modulo and Reverse modulo and proposes a few changes in the way the packets are logged and tracked back. Revised-MORE uses subnet address to create hash values rather than source IP. This reduces the amount of packets to be logged at the routers. Time-To-Live is used for tracing exactly. The simulation results show that the refinements reduce logging overhead, storage requirements and improve traceback accuracy.