Hackers in recent years began to invade the IP camera, CCTV cameras, routers and other IoT devices that embedded Linux operating systems, as the power of the botnet. DDoS attacks will directly affect the operation of the victims, which has a huge impact on the operation of the networks. In current Internet, the attackers can easily forge the source IP addresses, so the system administrator cannot discover the true locations of the intruded devices nor the attackers.
In this paper, we proposed a single packet traceback method that allows the source of an attack to be accurately determined with zero router storage load. We use a 32-bit space in the packet header to record attack paths and use the time to live field to decrease the false positive rate of tracebacks. Our protocol does not require additional storage space on routers for recording attack path data.