Linear and Remainder Packet Marking for Fast IP Trace Back

Various packet marking schemes exist to trace DoS/DDoS attackers back to their source. A major issue in the design of a good traceback scheme is minimizing the maximum number of packets needed for a successful traceback. DDoS attacks have become highly distributed as well as increasingly sophisticated. Even if the sum of the attacking packets is enough to overwhelm the capacity of the victim's resources, the number of packets originating from each individual source is not that high. An optimal traceback scheme must therefore require a minimal number of packets from the attacker in order to perform an IP traceback. Our system proposes an efficient packet marking scheme, known as linear packet marking (LPM), that needs a number of packets equal to the hop distance between the victim and the attacker, which is lower than 31. Our system also proposes a more random version of LPM known as remainder packet marking (RPM). Although RPM requires somewhat more packets for traceback than LPM, it is more robust to other kinds of attacks that may affect LPM. Both schemes use the TTL value and the IP ID field to decide which router in the path must mark the packet. Using NS2 simulation, we validate how our proposed system performs better at IP traceback for DDoS attacks.
