How asymmetric is the Internet? A Study to support DDoS Mitigation approaches

A promising approach to mitigate large Distributed Reflection Denial-of-Service attacks is to mitigate them closer to the source. To do this it is necessary to determine the network paths that the attackers use. A network path is a path that a packet takes to reach its target. However, determining the network path that an attacker used to reach its target is less trivial than it appears. Tools such as Traceroute allow the user to determine the path towards a target (i.e. the forward path), but not the path from the target to the source (i.e. the reverse path) due to routing asymmetry. Routing asymmetry means that the network path between two hosts may be different in opposite directions. Although previous studies have shown that this asymmetry is widespread, a more detailed characterization is lacking. In this paper routing asymmetry is investigated in depth using world wide large scale measurements using 4.000 probes. The main goal of this paper is to provide characteristics about Internet asymmetry, with the possible application of DRDoS mitigation. Our findings contribute to a conclusive overview of Internet asymmetry, which assist researchers and engineers in making valid assumptions about the asymmetry of network paths.