Link-Layer Traceback in Ethernet Networks

Michael Snow, J. Park

2007 15th IEEE Workshop on Local & Metropolitan Area Networks, published 2007-06-10. DOI: 10.1109/LANMAN.2007.4295996 (https://doi.org/10.1109/LANMAN.2007.4295996)

Citations: 11

Abstract

The design of the most commonly used Internet and local area network protocols provides no way of verifying that the sender of a packet is who it claims to be. A malicious host can easily launch an attack while pretending to be another host to avoid being discovered. To determine the identity of an attacker, an administrator can use traceback, a technique that determines the path of attack packets from the victim to the coordinator. Most traceback research has focused on IP and stepping-stone techniques, and little has been conducted on the problem of data-link layer traceback (DLT), the process of tracing frames from the network edge to the attack source. We propose a scheme called tagged-frame traceback (TRACK) that provides a secure, reliable DLT technique for Ethernet networks. TRACK defines processes for Ethernet switches and a centralized storage and lookup host. Simulation results indicate that TRACK provides accurate DLT operation while causing minimal impact on network and application performance.