Traceback Research & Experiments Against Source Address Attacks
Presented by Ken Wakasa (Japan Data Communications Association)
Recently, attacks involving source IP spoofing have become a critical issue for Internet security and operation from the viewpoint of ISPs.
Research and development into traceback systems that trace an end victim host to an end spoofing host via multiple ISPs is progressing. However, many difficult issues, including those that can't be resolved by IT technology alone, have prevented traceback systems from achieving widespread adoption.
We had been researching issues of widespread traceback adoption since 2005, and resolved many challenges on a step-by-step basis.
In 2006 we developed an operational model that provided a solution to the three cornered deadlock affecting traceback, which consists of interrelated operational, legal and technical issues.
In 2007 we constructed a three-layer traceback system.In 2008 we conducted the first demonstration experiments with five ISPs, and found an efficient traceback deployment scenario applicable to the situation in Japan.
In 2009 we conducted large scale demonstration experiments with fifteen ISPs, and considered issues of system performance, operational efficiency, the management system's validity, and system adaptability, all of which are necessary for our traceback system to achieve widespread adoption.
We would like to introduce the results of our research and experiments, and hear your opinions, global ISPs and Internet experts, on how we can make further progress.