Link-Layer Traceback In Ethernet Networks

The design of the most commonly-used Internet and Local Area Network protocols provide no way of verifying the sender of a packet is who it claims to be. A malicious host can easily launch an attack while pretending to be another host to avoid being discovered. To determine the identity of an attacker, an administrator can use traceback, a technique that determines the path of attack packets from the victim to the coordinator. Most traceback research has focused on IP and Stepping-Stone techniques and little has been conducted on the problem of Data-Link Layer Traceback (DLT), the process of tracing frames from the network edge to the attack source. We propose a scheme called Tagged-fRAme tracebaCK (TRACK) that provides a secure, reliable DLT technique for Ethernet networks. TRACK defines processes for Ethernet switches and a centralized storage and lookup host. Simulation results indicate that TRACK provides accurate DLT operation while causing minimal impact on network and application performance.