Across-domain deterministic packet marking for IP traceback

Among IP traceback techniques, deterministic packet marking (DPM) can locate the ingress border routers of destination domains with sound effectiveness and robustness. Yet DPM is inefficient to trace to attack origins of remote domains. A novel mechanism, across-domain deterministic packet marking (ADDPM), for IP traceback is proposed. It uses the 30-bit space in IP header reserved for fragmented traffic. Three deterministic markings are recorded into a packet at both the ingress router of source domain and the border router of destination domain respectively. Besides the both routers' IP addresses, the source AS number is also marked. The victim can trace to the remote attack origin by the markings. Deterministic markings can also be used to differentiate malicious packets. Theoretical analyses, deployment policies and simulation results are provided in detail and show the effectiveness of ADDPM.