Definition[]
Traceback is the "[i]dentification of the source of a data packet."[1]
Overview[]
The goal of traceback capabilities is to determine the path from a victimized network or system through any intermediate systems and communication pathways, back to the point of attack origination. In some cases, the computers launching an attack may themselves be compromised hosts being controlled remotely from a system one or more levels farther removed from the system under attack.
Traceback capability is limited by the ability of attackers to spoof source IP addresses. Some standard network information sources (such as traceroute and DNS registries) can often trace a path back to a host Internet service provider (ISP). Router netflow (a metering technology for network measurements) information, when available, can also be useful. Geographic location information may be accurate at the country or state level but may not be practical with satellite-based ISPs.
References[]
- ↑ Internet Security Glossary, at 310.