Toggle Main Menu Toggle Search

Open Access padlockePrints

IP Traceback in a Switched Ethernet Network

Lookup NU author(s): Marios Andreou, Professor Aad van Moorsel



IP traceback is the generic term given to systems that allow the tracing of IP packets back to their originating machine. A common shortcoming shared by existing traceback proposals is that they are able to identify the source network, but not the source host. Our work extends the traceback process by allowing the tracing of frames within the originating network (once this has been identified) to identify the originating host. We extend the SPIE system (which operates at the IP routers) with auditing at the Ethernet switches. The Ethernet traffic visibility issue is resolved with the use of switch port mirroring. The MAC address table is used to establish causality between the source frame address and source switch port. Our work removes the requirement for a specific network topology, as is the case in other known solutions. We provide a prototype implementation and preliminary evaluation of this to establish the efficacy of our proposal.

Publication metadata

Author(s): Andreou MS, van Moorsel A

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2007

Pages: 18

Print publication date: 01/07/2007

Source Publication Date: July 2007

Report Number: 1040

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne