Packet Filtering Based on Source Router Marking and Hop-Count

Kashif Ali, Mohammad Zulkernine, H. Hassanein
32nd IEEE Conference on Local Computer Networks (LCN 2007), published 2007-10-15
DOI: 10.1109/LCN.2007.128 (https://doi.org/10.1109/LCN.2007.128)
Citations: 6

Abstract

Denial of service (DoS) attacks pose a growing threat to the Internet. These attacks waste scarce Internet resources and disrupt services. Existing packet filtering schemes are deployable at the source, intermediate, or victim networks. In this paper, we propose a hybrid source- and victim-network-based packet filtering approach, source router marking and hop-count (SRHC), to detect and filter high-rate traffic flows and IP-spoofing attacks. Packets are marked at the source network based on their arrival rate threshold. At a victim network, the spoofed packets are marked based on the IP source arrival rate using their respective TTL value. Both source and victim networks collaborate to filter high-rate and IP-spoofing attacks. The ns-2 simulator is used to generate attack scenarios. Our simulation results show that the SRHC scheme effectively filters out high-rate and IP-spoofing attack packets, with minimal collateral damage.