An Approach in Identifying and Tracing Back Spoofed IP Packets to their Sources

Document Type

Conference Proceeding


Edith Cowan University


Faculty of Computing, Health and Science


School of Computing, Health and Science




Sansurooah, K. (2007). An approach in identifying and tracing back spoofed IP packets to their sources. In Proceedings of The 5th Australian Digital Forensics Conference (p. 8).


With the internet expanding into every aspect of business infrastructure, it becomes more and more important to make that infrastructure safe and secure against the numerous attacks perpetrated on it, particularly denial of service (DoS) attacks. A DoS attack can be summarized as an effort carried out by either a person or a group of individuals to suppress a particular online service. This can be achieved by manipulating packets sent using the IP protocol, which carry the IP address of the sending party. However, one of the major drawbacks is that the IP protocol is not able to verify the accuracy of that address and has no method to validate the authenticity of the sender's packet. Knowing how this works, an attacker can fabricate any source address to gain unauthorized access to critical information. Because attackers can exploit this weakness in numerous targeted attacks, it is prudent to determine whether network traffic contains spoofed packets and how to trace them back. IP traceback has been an active area, especially with regard to DoS attacks; this paper therefore focuses on the different types of attacks involving spoofed packets and on numerous methods that can help identify whether packets have spoofed source addresses, based on both active and passive host-based methods and on router-based methods.


