COTraSE: Connection Oriented Traceback in Switched Ethernet (2008)

Author(s): Andreou M, van Moorsel A

    Abstract: Layer 2 traceback is an important component of end-to-end packet traceback. Whilst IP traceback identifies the origin network, L2 traceback extends the process to provide a more fine-grained result. Other known proposals have exposed the difficulties of L2 traceback in switched ethernet. We build on our earlier work and improve in a number of dimensions. Memory requirements are decreased by maintaining ‘connection records’ rather than logging all frames. Our switchport resolution algorithm provides error detection by correlating MAC address table values from two adjacent switches. Our solution also takes stock of potential transformations to packet data as this leaves the local network. We have implemented the core algorithm and used data from available WAN traces to demonstrate the potential memory efficiency of our approach.

      • Date: 8-10 September 2008
      • Conference Name: Proceedings of the Fourth International Symposium on Information Assurance and Security (IAS)
      • Pages: 198-204
      • Publisher: IEEE Computer Society
      • Publication type: Conference Proceedings (inc. abstract)
      • Bibliographic status: Published

      Keywords: IP traceback, Layer 2 traceback, Network attack tracing, switched ethernet monitoring

      Staff

      Professor Aad van Moorsel
      Head of School, Professor