Method and apparatus for tracing packets in a communications network
First Claim
1. A method for tracing a sequence of packets to a potential source thereof within a communications network, the sequence of packets being received at a target host in said communications network at a received packet rate, the method comprising the steps of:
- applying a burst load to each of one or more selected network elements in said communications network, for each selected network element. measuring a change in said received packet rate in response to said application of said burst load to said selected network element; and
determining said potential source of said sequence of packets based on said measured changes in said received packet rate.
12 Assignments
0 Petitions
Accused Products
Abstract
A method for tracing packets in a communications network directed to tracing a stream of anonymous packets received at a given target host, in order to identify their source, in response, for example, to a Denial-of-Service (“DoS”) attack on the target host. Advantageously, the tracing is performed without reliance on knowledge or cooperation from intervening Internet Service Providers (ISPs) along the path. The method is performed by applying a “burst load” (i.e., a brief but heavy load of transmitted packets) to various elements (i.e., links or routers) in the network and measuring the change in the rate with which the stream of packets arrive at the target. If the rate is substantially altered upon introduction of the burst load, then it may be deduced that the given element is most likely on the path from the source host of the DoS attack to the target host.
101 Citations
30 Claims
-
1. A method for tracing a sequence of packets to a potential source thereof within a communications network, the sequence of packets being received at a target host in said communications network at a received packet rate, the method comprising the steps of:
-
applying a burst load to each of one or more selected network elements in said communications network, for each selected network element. measuring a change in said received packet rate in response to said application of said burst load to said selected network element; and
determining said potential source of said sequence of packets based on said measured changes in said received packet rate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
16. An apparatus for tracing a sequence of packets to a potential source thereof within a communications network, the sequence of packets being received at a target host in said communications network at a received packet rate, the apparatus comprising:
-
means for applying a burst load to each of one or more selected network elements in said communications network;
means for measuring changes in said received packet rate in response to said application of said burst load to each of said selected network elements; and
means for determining said potential source of said sequence of packets based on said measured changes in said received packet rate.
-
Specification