In disaster sites of 2011 Tohoku Earthquake, digital communication was virtually unavailable due to the serious damage to the existing Internet and ICT resources. Thus there were urgent demands for recovering the Internet connectivity and first aid communication tools. This paper describes the design and deployment of networking systems that provide Internet connectivity using 3G mobile links or VSAT satellite links. In this paper we examine two approaches for post-disaster networking: quickly deployable package and on-demand networking. Based on a comparison of their characteristics and deployment experiences, this paper tries to extract lessons that contribute to improving the preparedness to another disaster. This paper also shares our significant operational experience acquired through supporting a maximum of 54 sites in Tohoku area including evacuation shelters, temporary hospitals and local government offices.

Hash-based IP traceback is a technique to generate audit trails for traffic within a network. Using the audit trails, it reconstructs not only the true attack paths of a Distributed Denial of Service attack (DDoS attack), but also the true path of a single packet attack. However, hash-based IP traceback cannot identify attacker nodes themselves because it has no audit trail on the subnet's layer-2 network under the detected leaf router, which is the nearest node to an attacker node on a layer-3 network. We propose a layer-2 extension to hash-based IP traceback, which stores two identifiers with packets' audit trails while reducing the memory requirement for storing identifiers. One of these identifiers shows the leaf router's interface through which an attacking packet came, and the other represents the ingress port on a layer-2 switch through which the attacking packet came. We implement a prototype on FreeBSD and evaluate it in a preliminary experiment.