Attackers may use forged IP address to hide their real locations. To find the attackers, many mechanism have been used. The mist on the locations of spoofers has never been dissipated till now. we proposes Passive IP Trace back (PIT) which bypasses the deployment difficulties of IP trace back process. PIT investigates ICMP error messages triggered by spoofing traffic, and tracks the spoofers based on public available information. In this way, PIT can find the spoofers without any deployment requirement. This paper illustrates the causes, group effectiveness of PIT, and shows to find out the locations of attackers through applying PIT on the path backscatter dataset. These results can shows further reveal IP spoofing, which has been studied for far but never well understood. Though PIT cannot work in all the spoofing attacks, it may be the most useful mechanism and the statistical results on path backscatter.

Labovitz, “Bots, DDoS and Ground Truth,” A presentation on NANOG 50th, Oct. 2010.

Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer, “Hash-based ip traceback,” SIGCOMM Comput. Commun. Rev., vol. 31, no. 4, pp. 3–14, Aug. 2001.

Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, Inferring internet denial-of-service activity,

H.C. Lee, V.L Thing.Y.Xu, and Ma, “Icmp traceback with cumulative path An efficient solution for ip traceback.