Hacking Path Retracing Algorithm using Packet Marking

패킷 마킹을 이용한 해킹경로 역추적 알고리즘

  • 원승영 (충북대학교 컴퓨터공학과) ;
  • 한승완 (한국전자통신연구원 정보보호연구본부) ;
  • 서동일 (한국전자통신연구원 정보보호연구본부) ;
  • 김선영 (충북대학교 컴퓨터공학과) ;
  • 오창석 (충북대학교 전기전자컴퓨터공학부)
  • Published : 2003.03.01


Retracing schemes using packet marking are currently being studied to protect network resources by isolating DDoS attack. One promising solution is the probabilistic packet marking (PPM). However, PPM can't use ICMP by encoding a mark into the IP identification field. Likewise, it can't identify the original source through a hash function used to encode trace information and reduce the mark size. In addition, the retracing problem overlaps with the result from the XOR operation. An algorithm is therefore proposed to pursue the attacker's source efficiently. The source is marked in a packet using a router ID, with marking information abstracted.


라우터 ID;패킷 마킹;역추적