A novel hierarchical stateless single-packet IP traceback (for short HSSIT) technique was proposed.It not only implements the attack-path reconstruction of two level granularities (i.e.,inter-domain and intra-domain),but also need not store any data in the core node.HSSIT redefines the optional field of IP packet head to store the digest information (including IP address and AS number) of path traveled by each IP packet in GBF data structure.As soon as the path reconstruction required,the victim can find the attack-rooted AS using GBFAS.And then the border router within the attack-rooted AS can easily search out the nearest router to attack source using GBFIP.Compared with PPM,SPIE and ASEMby theory analysis and simulations,the results show that HSSIT outperforms in terms of robustness against tampering and counterfeiting node digest information,and the convergence.Finally,the attack-path reconstruction experiments for the general case(i.e.,AS path length about 3~7)show that HSSIT’s inter-domain coincidence degrees and intra-domain ones between original attack-path and reconstructed attack-path are within the ranges 100%~98% and 98%~90%,respectively.The experiments results demonstrate that HSSIT is able to accurately reconstruct attack-path to realize the traceback of attack source.