Departmental Papers (CIS)

Date of this Version


Document Type

Technical Report


Haeberlen, A., Fonseca, P., Rodrigues, R., & Druschel, P., Fighting Cybercrime with Packet Attestation, Technical Report MPI-SWS-2011-002


IP source addresses are often the only initial lead when investigating cybercrime in the Internet. Unfortunately, source addresses are easily forged, which can protect the culprits and lead to false accusations. We describe a new method for packet attestation in the Internet. Packet attestation establishes whether or not a given IP packet was sent by a particular network subscriber. This capability allows network operators to verify the source of malicious traffic and to validate complaints, identity requests, and DMCA take-down notices against their clients. As a result, innocent users cannot be falsely accused, while the culprits no longer enjoy plausible deniability. Support for packet attestation can be deployed incrementally by ISPs, and requires no changes to end hosts or to the network core.



Date Posted: 20 July 2012