A novel IPv6 traceback architecture using COPS protocol

  • Syed Obaid Amin
  • Muhammad Shoaib Siddiqui
  • Choong Seon HongEmail author
Original Paper


In any Distributed Denial of Service (DDoS) attack, invaders may use incorrect or spoofed Internet Protocol (IP) addresses in the attacking packets and thus disguise the actual origin of the attacks. This is primarily due to the stateless nature of the Internet. IP traceback algorithms provide mechanisms for identifying the true source of an IP datagram on the Internet ensuring at least the accountability of cyber attacks. While many IP traceback techniques have been proposed, most of the previous studies focus and offer solutions for DDoS attacks done on Internet Protocol version 4 (IPv4) environment. IPv4 and IPv6 networks differ greatly from each other, which urge the need of traceback techniques specifically tailored for IPv6 networks. In this paper, we propose a novel traceback architecture for IPv6 networks using Common Open-Policy Service and a novel packet-marking scheme. We also provide complete underlying protocol details required for traceback support in IPv6 networks. The proposed architecture is on demand and only single packet is required to traceback the attack.


DDoS Traceback IPv6 Network security Network management 



This research was supported by MIC under the ITRC support program supervised by the IITA “(IITA-2007-(C1090–0701–0016))”. And Dr. CS Hong is the corresponding author.


  1. 1.
    Belenky A, Ansari N (2003) Tracing multiple attackers with deterministic packet marking (DPM). In: PACRIM 2003, 49–52, AugGoogle Scholar
  2. 2.
    Belenky A, Ansari N (2003) IP traceback with deterministic packet marking IEEE Commun Lett 7(4):162–164CrossRefGoogle Scholar
  3. 3.
    Savage S, Wetherall D, Karlin A, Anderson T (2001) Network support for IP traceback. IEEE/ACM Trans Net 9(3):226–37, JuneCrossRefGoogle Scholar
  4. 4.
    Belenky A, Ansari N (2003) On IP traceback. IEEE Commun Mag 41(7):142–153, JulyCrossRefGoogle Scholar
  5. 5.
    Mankin A, Massey D, Wu C, Wu S, Zhang L (2001) On design and evaluation of ‘intention-driven’ ICMP traceback. In: ICCCN Oct 2001, pp. 159–165Google Scholar
  6. 6.
    Snoeren AC, Partridge C, Sanches LA, Jones CE, Tchakountio F, Kent ST, Strayer WT (2002) Single-packet IP traceback. ACM/IEEE Trans Netw 10(6):721–734CrossRefGoogle Scholar
  7. 7.
    Waldvogel M (2002) GOSSIB vs. IP traceback rumors. In: 18th Annual Computer Security Applications Conference (ACSAC 2002), pp. 5–13Google Scholar
  8. 8.
    Deering S, Hinden R (1998) Internet protocol, version 6 (IPv6) specification. RFC 2460. IETF, Fremont, DecGoogle Scholar
  9. 9.
    Convery S, Miller D (2004) IPv6 and IPv4 Threat Comparison and Best-Practice Evaluation (v1.0).
  10. 10.
    Westerinen A, Schnizlein J, Strassner J, Scherling M, Quinn B, Herzog S, Huynh A, Carlson M, Perry J, Waldbusse S (2001) Terminology for policy-based management, RFC3198. IETF Fremont, NovGoogle Scholar
  11. 11.
    Mirkovic J, Reiher P (2004) A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, AprilGoogle Scholar
  12. 12.
    Kent S, Atinkson R, Black D (1998) IP authentication header, RFC 2402. IETF, Fremont, NovGoogle Scholar
  13. 13.
    Gong C, Le T, Korkmaz T, Sarac K (2005) Single Packet IP Traceback in AS-level Partial Deployment Scenario. In: IEEE GLOBECOM Nov 2005Google Scholar
  14. 14.
    Carpenter B, Moore K (2001) Connection of IPv6 domains via IPv4 clouds, RFC 3056. IETF, Fremont, FebGoogle Scholar
  15. 15.
    Durand A, Fasano P, Lento D (2001) IPv6 tunnel broker, RFC 3053. IETF, Fremont, JanGoogle Scholar
  16. 16.
    Conta A, Deering S (1998) General packet tunneling in IPv6 specification, RFC 2473. IETF, Fremont, DecGoogle Scholar
  17. 17.
    Durham D, Boyle J, Cohen R, Herzog S, Rajan R, Sastry A (2000) The COPS (Common Open Policy Service) protocol, RFC 2748. IETF, Fremont, JanGoogle Scholar
  18. 18.
    Song B, Heo J, Hong CS (2007) Collaborative defense mechanism using statistical detection method against DDoS attacks. IEICE Trans Commun E90-B(10):2655–2664, Oct 1CrossRefGoogle Scholar
  19. 19.
    Barabasi AL, Albert R (1999) Emergence of scaling in random networks. Science 286:509–512, OctCrossRefMathSciNetGoogle Scholar
  20. 20.
    Korkmaz T, GongC, Sarac K, Dykes SG (2007) Single packet IP traceback in AS-level partial deployment scenario IJSN 2(1/2):95–108CrossRefGoogle Scholar
  21. 21.
    Strayer WT, Jones CE, Tchakountio F, Hain RR (2004) SPIE-IPv6: single IPv6 packet traceback. In: 29th Annual IEEE International Conference on Local Computer Networks 2004 Nov, pp. 118–125Google Scholar

Copyright information

© Institut TELECOM and Springer-Verlag France 2008

Authors and Affiliations

  • Syed Obaid Amin
    • 1
  • Muhammad Shoaib Siddiqui
    • 1
  • Choong Seon Hong
    • 1
    Email author
  1. 1.Department of Computer Engineering, School of Electronics and InformationKyung Hee UniversityYonginSouth Korea

Personalised recommendations