On deterministic packet marking

Andrey Belenky, Nirwan Ansari

Research output: Contribution to journal › Article › peer-review

87 Scopus citations


In this article, we present a novel approach to IP Traceback: deterministic packet marking (DPM). (Three U.S. Patent applications have been filed based on the content of this work.) DPM is based on marking all packets at ingress interfaces. DPM is scalable, simple to implement, and introduces no bandwidth and practically no processing overhead on the network equipment. It is capable of tracing thousands of simultaneous attackers during a DDoS attack. Given sufficient deployment on the Internet, DPM is capable of tracing back to the slaves responsible for DDoS attacks that involve reflectors. In DPM, most of the processing required for traceback is done at the victim. The traceback process can be performed post-mortem, allowing for tracing of attacks that may not have been noticed initially, or of attacks which would deny service to the victim so that traceback is impossible in real time. The involvement of the Internet Service Providers (ISPs) is very limited, and changes to the infrastructure and operation required to deploy DPM are minimal. DPM is capable of performing the traceback without revealing the topology of the providers' network, which is a desirable quality of a traceback method.

Original language: English (US)
Pages (from-to): 2677-2700
Number of pages: 24
Journal: Computer Networks
Issue number: 10
State: Published - Jul 11 2007

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications


  • DDoS attacks
  • IP traceback
  • Security

