ISSN : 2349-3917
It has long been known that attackers may use forged source IP addresses to conceal their real locations. To capture the spoofers, a number of IP traceback mechanisms have been proposed. However, due to the challenges of deployment, no IP traceback solution has been widely adopted, at least at the Internet level. Passive IP traceback (PIT) bypasses the deployment difficulties of IP traceback techniques. It identifies and deeply investigates path backscatter messages, which are valuable for understanding spoofing activities. In reflection-based spoofing attacks, the victims can find the locations of the spoofers directly from the attacking traffic. By applying PIT to the path backscatter dataset, a number of spoofer locations are captured and presented. PIT investigates Internet Control Message Protocol (ICMP) error messages (named path backscatter) triggered by spoofing traffic, and tracks the spoofers based on publicly available information. These results can help further reveal IP spoofing, which has long been studied but never well understood.
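As an added illustration (not code from the paper), the sketch below shows the collection step a reflection-attack victim could run: parse incoming ICMP error messages, read the quoted header of the packet that failed, and count the routers reporting packets that claim the victim's address but were never sent by it. The function names, the `contacted` set and the sample addresses (documentation ranges) are assumptions; PIT's subsequent tracking step from public information is not reproduced here.

```python
import ipaddress
import struct
from collections import Counter

ICMP_ERRORS = {3, 11, 12}  # destination unreachable, time exceeded, parameter problem

def parse_icmp_error(pkt: bytes):
    """Return (router, orig_src, orig_dst) for an IPv4 ICMP error, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    inner = pkt[ihl + 8:]  # quoted IPv4 header of the packet that could not be forwarded
    if ihl < 20 or len(inner) < 20 or pkt[ihl] not in ICMP_ERRORS or inner[0] >> 4 != 4:
        return None
    ip = ipaddress.IPv4Address
    return ip(pkt[12:16]), ip(inner[12:16]), ip(inner[16:20])

def reporting_routers(packets, own_net, contacted):
    """Count routers whose errors quote a packet 'from' own_net to a host we never contacted."""
    net = ipaddress.ip_network(own_net)
    hits = Counter()
    for pkt in packets:
        parsed = parse_icmp_error(pkt)
        if parsed is None:
            continue
        router, src, dst = parsed
        if src in net and str(dst) not in contacted:
            hits[str(router)] += 1
    return hits

def build_sample(router, src, dst, icmp_type=11):
    """Constructed packet: outer IPv4 + ICMP error + quoted inner header (checksums left 0)."""
    def ipv4(s, d, proto, length):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 0, 0, 64, proto, 0,
                           ipaddress.IPv4Address(s).packed, ipaddress.IPv4Address(d).packed)
    inner = ipv4(src, dst, 17, 28) + bytes(8)
    icmp = struct.pack("!BBHI", icmp_type, 0, 0, 0) + inner
    return ipv4(router, src, 1, 20 + len(icmp)) + icmp

# Constructed sample capture; all addresses are from documentation ranges.
SAMPLES = [
    build_sample("203.0.113.1", "192.0.2.10", "198.51.100.7"),     # never contacted: counted
    build_sample("203.0.113.1", "192.0.2.10", "198.51.100.8", 3),  # never contacted: counted
    build_sample("203.0.113.9", "192.0.2.10", "198.51.100.53"),    # our own traffic: ignored
    build_sample("203.0.113.1", "192.0.2.10", "198.51.100.7", 0),  # echo reply: not an error
]

if __name__ == "__main__":
    print(reporting_routers(SAMPLES, "192.0.2.0/24", {"198.51.100.53"}))
```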