Browse by author
Lookup NU author(s): Marios Andreou,
Professor Aad van Moorsel
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
Layer 2 Traceback is an important component of end-to-end packet traceback. Whilst IP Traceback identifies the origin network, Layer 2 Traceback extends the process to provide a more fine-grained result. Other known proposals have exposed the difficulties of Layer 2 Traceback in switched ethernet. We build on our earlier ``switch-SPIE'' and improve in a number of dimensions. Memory requirements are decreased by maintaining `connection records' rather than logging all frames. Our switchport resolution algorithm provides error detection by correlating MAC address table values from two adjacent switches. Our solution also takes stock of potential transformations to packet data as this leaves the local network. We have implemented the core algorithm and used data from available WAN traces to demonstrate the potential memory efficiency of our approach.
Author(s): Andreou MS, van Moorsel A
Publication type: Article
Publication status: Published
Journal: Journal of Information Assurance and Security
ISSN (print): 1554-1010
ISSN (electronic): 1554-1029
Publisher: Dynamic Publishers Inc., USA
Notes: A preliminary version of this paper was presented at IAS 2008. In this article we outline our L2 Traceback system requirements and explain how COTraSE improves over our earlier switch-SPIE system. We provide supplementary details of the WAN trace data used by our implementation and expand on the calculation of COTraSE memory requirements. We also provide additional background material to aid the reader, including a discussion of the related Netflow system. In particular we consider how the flow expiration mechanisms adopted by Netflow differ from those of COTraSE and how this affects L2 Traceback.