ABSTRACT:
                           At present, the number of unauthorized access incidents on the Internet is growing, and the current access control technologies cannot stop specific way of access.
We had proposed a hop-by-hop IP traceback method that can reliably trace a source of an attack. In this paper, we describe the development and the evaluation of our prototype system. The main features of our proposed method are the packet feature, which is composed of specific packet information contained in a packet for identification of an unauthorized packet, and the algorithm using datalink identifier to identify a routing of a packet. 
We show the development of the prototype system equipped with our tracing functions on routers and its processing result. We here adopt a distributed management approach that controls the tracing process and information within a particular group of networks.

Implementation of Tracer

(1) Packet Conversion and Store process
(2) Trace and Search process

Trace and Search process has two modules: Packet Search module and Upstream Network Interface Decision module

 Conclusions and Future Work:

        We have created a traceback system that can pursue the source even if an IP address is forged, and have demonstrated the effectiveness of the traceback processing. We will consider the relationship among the network load, and the number of tracers. In the viewpoint of the introduction of the traceback, we have 2 subjects. First subject is method to identify matching packets and identify the sources under DOS attack where identical packets are sent from different sources. Second subject is method to introduce the tracer function. At the first step, the introduction of this method assumes the limited network such as Intranet.

        We think that it is possible to implement the tracer function on all the network equipments in such a network environment. However, it is assumed that it is impossible to implement the tracer on all the network environments by the open network. Then, the method that the source can be pursued is needed when the tracer function is partially introduced. We will further study how to improve the accuracy of the packet search process and develop the IP.