A study on marking bit size for path identification method: Deploying the Pi filter at the end host

Abstract

Recently, DDoS attacks are more and more serious to the Internet. Many specialists research the defending methods against DDoS. Pi had been proposed as one of the defense methods against complicated DDoS attack by spoofed IP address. Pi is a new packet marking approach, and Pi enables a victim to identify packets traversing the same paths through the Internet on a per packet basis, regardless of source IP address spoofing. Marking size of Pi is the most important parameter of Pi marking scheme to decide the performance of Pi. At the end hosts' view, the most proper marking size of Pi is affected by the Internet environment and its topology. In existing Pi scheme, Pi filter deployed on the ISP's side of the last hop link, but this paper consider the Pi filter deployed at end host in the ISP and tried to find the most proper marking size. © Springer-Verlag Berlin Heidelberg 2004.