Traceback messaging standard being developed

Itrace, a traceback messaging standard is currantly being developed to track down IP packets traversing the internet.
Written by Francis Chu, Contributor on

The internet engineering task force last month established a working group to develop an ICMP Traceback messaging standard that can be used to track down IP packets traversing the Internet. Code-named Itrace, the standard is intended to provide a tool to trace DDoS attacks. n Distributed denial-of-service attacks have wreaked havoc on major Websites and cost companies thousands of dollars. There is no known way to block these attacks, and they are extremely difficult to trace because hackers use fake IP addresses.

The plan is to deploy the Itrace standard across the Internet on routers used by ISPs. Routers upgraded to comply with Itrace will randomly generate a traceback message that is sent with packets to their destinations.

Hackers use many computers to launch DDoS attacks against Web servers, and the malicious packets will end up traveling through many ISP routers before flooding the targeted server. A victimized site's IT managers could use the information in the traceback messages to determine the origin of the packets.

Itrace is still under development, and there are many hurdles to overcome, not the least of which are persuading router vendors to support the standard and getting ISPs to bear the costs of upgrading ISP infrastructures already in place.

In addition, ISPs will need to develop authentication schemes to validate the traceback messages and prevent hackers from sending bogus ICMP messages in an effort to cover their tracks.

So, what's so great about an unproven tool that is only on the drawing board? The hope is that its development could be the first step toward stopping one of the most damaging kinds of attacks Web sites face.

The best way to prevent DDoS attacks is for the Internet community to ensure that Web servers are so secure that hackers can't launch the attacks in the first place.

However, if Itrace becomes a reality, the presence of an instrument that can track DDoS attacks will discourage many hackers who do not want to risk discovery. Sure, the most seasoned hackers will find ways to circumvent Itrace, but at least the crusade to combat DDoS attacks has finally begun.

What will the future bring in the battle against DDoS attacks? Contact me at francis_chu@ziffdavis.com.

Editorial standards