Toggle Main Menu Toggle Search

Open Access padlockePrints

COTraSE: Connection Oriented Traceback in Switched Ethernet

Lookup NU author(s): Marios Andreou, Professor Aad van Moorsel

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

Layer 2 Traceback is an important component of end-to-end packet traceback. Whilst IP Traceback identifies the origin network, Layer 2 Traceback extends the process to provide a more fine-grained result. Other known proposals have exposed the difficulties of Layer 2 Traceback in switched ethernet. We build on our earlier ``switch-SPIE'' and improve in a number of dimensions. Memory requirements are decreased by maintaining `connection records' rather than logging all frames. Our switchport resolution algorithm provides error detection by correlating MAC address table values from two adjacent switches. Our solution also takes stock of potential transformations to packet data as this leaves the local network. We have implemented the core algorithm and used data from available WAN traces to demonstrate the potential memory efficiency of our approach.


Publication metadata

Author(s): Andreou MS, van Moorsel A

Publication type: Article

Publication status: Published

Journal: Journal of Information Assurance and Security

Year: 2009

Volume: 4

Issue: 2

Pages: 91-105

ISSN (print): 1554-1010

ISSN (electronic): 1554-1029

Publisher: Dynamic Publishers Inc., USA

URL: http://www.mirlabs.org/jias/secured/Volume%204-Isuue%202/vol4-issue2.html

Notes: A preliminary version of this paper was presented at IAS 2008. In this article we outline our L2 Traceback system requirements and explain how COTraSE improves over our earlier switch-SPIE system. We provide supplementary details of the WAN trace data used by our implementation and expand on the calculation of COTraSE memory requirements. We also provide additional background material to aid the reader, including a discussion of the related Netflow system. In particular we consider how the flow expiration mechanisms adopted by Netflow differ from those of COTraSE and how this affects L2 Traceback.


Share