Definition Edit

Traceback is the "[i]dentification of the source of a data packet."[1]

Overview Edit

The goal of traceback capabilities is to determine the path from a victimized network or system through any intermediate systems and communication pathways, back to the point of attack origination. In some cases, the computers launching an attack may themselves be compromised hosts being controlled remotely from a system one or more levels farther removed from the system under attack.

Traceback capability is limited by the ability of attackers to spoof source IP addresses. Some standard network information sources (such as traceroute and DNS registries) can often trace a path back to a host Internet service provider (ISP). Router netflow (a metering technology for network measurements) information, when available, can also be useful. Geographic location information may be accurate at the country or state level but may not be practical with satellite-based ISPs.

References Edit

  1. Internet Security Glossary, at 310.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.