The main problem this paper is trying to solve is that it is difficult to reliably identify the originator of an IP packet. This is important because reliably tracing individual packets back to their sources is the first step toward making attackers accountable for their actions.
The main contribution of this work is the presentation of a hash-based technique for IP traceback that generates audit trails for traffic within a network and can trace the origin of a single IP packet delivered by the network (as opposed to determining the source of a large flow).
(1) One of the key innovations of their Source Path Insolation Engine
(SPIE) is the reduced memory requirement relative to other schemes
(through the use of Bloom filters.
(2) SPIE does not increase a network's vulnerability to eavesdropping because only packet digests are stored, not the packets themselves.
I would rate this paper as a 4 because it presents a solution to the problem of tracing a single packet back to its source. The biggest advantages of this proposed system is that SPIE has low storage requirements and does not aid in easvesdropping.
I felt like the authors were very effective in their description of this new and not clearly defined problem. To me, the assumptions made by the authors do seem realistic, although I'm interested in how traceback will be performed given that traceback will likely be requested when the network is unstable.
The most important limitation to this approach is that traceback will often be requested precisely when the network is unstable. The authors suggest using an out-of-band channel or through either physically or logically separate links, which I think is a limiting assumption.
Difficult problems such as preventing and tracing attacks often do not have clean or easy solutions. However, it is important to still attempt to tackle a small portion of the problem, laying the foundation for future work.