Browse by author
Lookup NU author(s): Marios Andreou, Professor Aad van Moorsel
IP traceback is the generic term given to systems that allow the tracing of IP packets back to their originating machine. A common shortcoming shared by existing traceback proposals is that they are able to identify the source network, but not the source host. Our work extends the traceback process by allowing the tracing of frames within the originating network (once this has been identified) to identify the originating host. We extend the SPIE system (which operates at the IP routers) with auditing at the Ethernet switches. The Ethernet traffic visibility issue is resolved with the use of switch port mirroring. The MAC address table is used to establish causality between the source frame address and source switch port. Our work removes the requirement for a specific network topology, as is the case in other known solutions. We provide a prototype implementation and preliminary evaluation of this to establish the efficacy of our proposal.
Author(s): Andreou MS, van Moorsel A
Publication type: Report
Publication status: Published
Series Title: School of Computing Science Technical Report Series
Year: 2007
Pages: 18
Print publication date: 01/07/2007
Source Publication Date: July 2007
Report Number: 1040
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne
URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1040.pdf
