Method and apparatus for tracing a denial-of-service attack back to its source

  • US 7,302,705 B1
  • Filed: 08/30/2000
  • Issued: 11/27/2007
  • Est. Priority Date: 08/30/2000
  • Status: Expired due to Term
First Claim

1. A method for tracing a denial-of-service attack on a victim machine back towards its source, comprising steps of:

  • operating a traceback program on at least one path to receive two input parameters, (a) an IP address (v) of the victim machine and (b) an IP address (r) of a router that is immediately upstream of the victim machine;

  • determining a set of routers that are neighbors (n) of r;

  • for each neighbor n of r, determining if r is n's next-hop for traffic addressed to v, or to a network that v is on, where node n's next-hop for traffic addressed to v is the IP address of the node that n will forward a packet to if the destination address in the packet is v;

  • if r is not n's next-hop for traffic addressed to v, skip over n and query the next neighbor of r, while if r is n's next-hop for traffic addressed to v, determining an amount of traffic that n is forwarding to r that is addressed to v;

  • based on the determined amounts of traffic of said neighbors determining the identity of the neighbor n of r that is the principal source of packets flowing to r that are addressed to v;

  • continuing one node further upstream from the determined neighbor n of r that is the principal source of packets flowing to r that are addressed to v; and

  • continuing to traceback through interconnected routers until a source of denial-of-service attack packets to v is determined or until further traceback is not possible.
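The claimed traceback loop as an added Python simulation, not part of the patent: the router topology, next-hop tables and per-destination traffic counters below are constructed stand-ins for what a real traceback program would query from live routers (victim `v` is 10.0.0.5; the router immediately upstream, `r`, is R1). The `"victim-lan"` next hop, the router names and the packet rates are all constructed.

```python
import ipaddress
from typing import Dict, List, Optional

V = "10.0.0.5"  # constructed victim address (claim parameter v)
# Constructed topology: each router has a neighbor list, a routing table
# (prefix -> next hop) and traffic counters (next hop -> {destination: pps}).
ROUTERS: Dict[str, dict] = {
    "R1": {"neighbors": ["R2", "R3", "R4"], "routes": {"10.0.0.0/24": "victim-lan"},
           "traffic": {}},
    "R2": {"neighbors": ["R1", "R6"], "routes": {"10.0.0.0/24": "R1"},
           "traffic": {"R1": {V: 950}}},
    "R3": {"neighbors": ["R1"], "routes": {"10.0.0.0/24": "R1"},
           "traffic": {"R1": {V: 40}}},
    "R4": {"neighbors": ["R1"], "routes": {"10.0.0.0/24": "R5"},  # routes v via R5, not R1
           "traffic": {"R5": {V: 600}}},
    "R6": {"neighbors": ["R2", "R8"], "routes": {"10.0.0.0/24": "R2"},
           "traffic": {"R2": {V: 930}}},
    "R8": {"neighbors": ["R6"], "routes": {"0.0.0.0/0": "R6"},
           "traffic": {"R6": {V: 930}}},
}

def next_hop(n: str, dest: str) -> Optional[str]:
    """Node n's next-hop for dest: longest-prefix match over n's routing table."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in ROUTERS[n]["routes"].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def traffic_to(n: str, r: str, dest: str) -> int:
    """Packets/sec that n forwards to r addressed to dest (0 if none counted)."""
    return ROUTERS[n]["traffic"].get(r, {}).get(dest, 0)

def traceback(v: str, r: str) -> List[str]:
    """Walk upstream from r, following the principal source of v-bound traffic."""
    path = [r]
    while True:
        # Only neighbors whose next-hop for v is the current node can be feeding it.
        feeders = {n: traffic_to(n, path[-1], v)
                   for n in ROUTERS[path[-1]]["neighbors"] if next_hop(n, v) == path[-1]}
        if not feeders or max(feeders.values()) == 0:
            return path  # no upstream contributor: further traceback not possible
        principal = max(feeders, key=feeders.get)
        if principal in path:
            return path  # inconsistent routing data would loop; stop instead
        path.append(principal)
```

Running `traceback(V, "R1")` on this topology returns `["R1", "R2", "R6", "R8"]`: R4 is skipped at the first hop because it does not route v through R1, the low-rate feeder R3 is discarded in favour of R2, and the walk halts at R8 because none of its neighbors forward v-bound traffic to it.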
