On the state of IP spoofing defense

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

On the state of IP spoofing defense

Full text

Pdf (619 KB)

Source

ACM Transactions on Internet Technology (TOIT) archive
Volume 9 , Issue 2 (May 2009) table of contents

Article No. 6

Year of Publication: 2009

ISSN:1533-5399

Authors

Toby Ehrenkranz	University of Oregon, Eugene, OR
Jun Li	University of Oregon, Eugene, OR

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 58, Downloads (12 Months): 418, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1516539.1516541 What is a DOI?

ABSTRACT

IP source address spoofing has plagued the Internet for many years. Attackers spoof source addresses to mount attacks and redirect blame. Researchers have proposed many mechanisms to defend against spoofing, with varying levels of success. With the defense mechanisms available today, where do we stand? How do the various defense mechanisms compare? This article first looks into the current state of IP spoofing, then thoroughly surveys the current state of IP spoofing defense. It evaluates data from the Spoofer Project, and describes and analyzes host-based defense methods, router-based defense methods, and their combinations. It further analyzes what obstacles stand in the way of deploying those modern solutions and what areas require further research.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Micah Adler, Trade-offs in probabilistic packet marking for IP traceback, Journal of the ACM (JACM), v.52 n.2, p.217-244, March 2005 [doi>10.1145/1059513.1059517]
	2	Albrightson, B., Garcia-Luna-Aceves, J., and Boyle, J. 1994. EIGRP—A fast routing protocol based on distance vectors. In Proceedings of the Networld/Interop.
	3	Tuomas Aura , Pekka Nikander, Stateless connections, Proceedings of the First International Conference on Information and Communication Security, p.87-97, November 11-14, 1997
	4	F. Baker, Requirements for IP Version 4 Routers, RFC Editor, 1995
	5	F. Baker , P. Savola, Ingress Filtering for Multihomed Networks, RFC Editor, 2004
	6	Bernstein, D. J. 1996. SYN cookies. http://cr.yp.to/syncookies.html.
	7	Beverly, R. 2004. A robust classifier for passive TCP/IP fingerprinting. In Proceedings of the Passive and Active Measurement Conference, 158--167.
	8	Robert Beverly , Steven Bauer, The spoofer project: inferring the extent of source address filtering on the internet, Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop, p.8-8, July 07, 2005, Cambridge, MA
	9	Bremler-Barr, A. and Levy, H. 2005. Spoofing prevention method. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (InfoCom).
	10	chang Feng, W., Kaiser, E. C., chi Feng, W., and Luu, A. 2005. Design and implementation of network puzzles. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (InfoCom). 2372--2382.
	11	Cisco Systems Inc. 2007. Configuring TCP intercept. http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_tcp_intercpt.pdf
	12	Drew Dean , Matt Franklin , Adam Stubblefield, An algebraic approach to IP traceback, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.119-137, May 2002 [doi>10.1145/505586.505588]
	13	Diffie, W. and Hellman, M. E. 1976. New directions in cryptography. IEEE Trans. Inf. Theory 22, 6, 644--654.
	14	Duan, Z., Yuan, X., and Chandrashekar, J. 2006. Constructing inter-domain packet filters to control IP spoofing based on BGP updates. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (InfoCom).
	15	Ehrenkranz, T. and Li, J. 2007. An incrementally deployable protocol for learning the valid incoming direction of IP packets. Tech. rep. CIS-TR-2007-05, University of Oregon. March.
	16	P. Ferguson , D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, RFC Editor, 2000
	17	Fyodor. 2006. Remote OS detection. http://nmap.org/book/osdetect.html.
	18	Goodell, G., Aiello, W., Griffin, T., Ioannidis, J., McDaniel, P., and Rubin, A. 2003. Working around BGP: An incremental approach to improving security and accuracy of interdomain routing. In Proceedings of the Network and Distributed System Security Symposium.
	19	He, Y., Faloutsos, M., and Krishnamurthy, S. V. 2004. Quantifying the routing asymmetry in the Internet at the AS level. In Proceedings of IEEE Conference and Exhibition on Global Telecommunications (GlobeCom).
	20	He, Y., Faloutsos, M., and Krishnamurthy, S. V. 2005. On routing asymmetry in the Internet. In Proceedings of IEEE Conference and Exhibition on Global Telecommunications (GlobeCom).
	21	Cheng Jin , Haining Wang , Kang G. Shin, Hop-count filtering: an effective defense against spoofed DDoS traffic, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948116]
	22	Kent, S. and Seo, K. 2005. Security architecture for the Internet Protocol. RFC 4301.
	23	T. Killalea, Recommended Internet Service Provider Security Services and Procedures, RFC Editor, 2000
	24	Heejo Lee , Minjin Kwon , Geoffrey Hasker , Adrian Perrig, BASE: an incrementally deployable mechanism for viable IP spoofing prevention, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore [doi>10.1145/1229285.1229293]
	25	Li, J., Mirkovic, J., Wang, M., Reiher, P. L., and Zhang, L. 2002. SAVE: Source address validity enforcement protocol. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (InfoCom). 1557--1566.
	26	Xin Liu , Ang Li , Xiaowei Yang , David Wetherall, Passport: secure and adoptable source authentication, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.365-378, April 16-18, 2008, San Francisco, California
	27	Martin, K. 2006. Stop the bots. Security Focus.
	28	Messmer, E. 2007. Report says identity thieves working hand in hand with ‘bot herders’. Network World.
	29	MIT Advanced Network Architecture Group. 2007. ANA Spoofer Project. http://spoofer.csail.mit.edu/.
	30	Moy, J. 1998. OSPF Version 2. RFC 2328 (Standard).
	31	D. Oran, OSI IS-IS Intra-domain Routing Protocol, RFC Editor, 1990
	32	Kihong Park , Heejo Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.15-26, August 2001, San Diego, California, United States
	33	Piscitello, D. M. 2006. Anatomy of a DNS DDoS amplification attack. http://www.watchguard.com/infocenter/editorial/41649.asp.
	34	Rekhter, Y., Li, T., and Hares, S. 2006. A Border Gateway Protocol 4 (BGP-4). RFC 4271 (Draft Standard).
	35	J. H. Saltzer , D. P. Reed , D. D. Clark, End-to-end arguments in system design, ACM Transactions on Computer Systems (TOCS), v.2 n.4, p.277-288, Nov. 1984 [doi>10.1145/357401.357402]
	36	Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Practical network support for IP traceback, Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, p.295-306, August 28-September 01, 2000, Stockholm, Sweden
	37	Alex C. Snoeren , Craig Partridge , Luis A. Sanchez , Christine E. Jones , Fabrice Tchakountio , Beverly Schwartz , Stephen T. Kent , W. Timothy Strayer, Single-packet IP traceback, IEEE/ACM Transactions on Networking (TON), v.10 n.6, p.721-734, December 2002 [doi>10.1109/TNET.2002.804827]
	38	Taleck, G. 2003. Ambiguity resolution via passive OS fingerprinting. In Proceedings of the Symposium on Recent Advances in Intrusion Detection, 192--206.
	39	Templeton, S. J. and Levitt, K. E. 2003. Detecting spoofed packets. In Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 1. 164--175.
	40	Haining Wang , Cheng Jin , Kang G. Shin, Defense against spoofed IP traffic using hop-count filtering, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.40-53, February 2007 [doi>10.1109/TNET.2006.890133]
	41	Wu, J., Ren, G., and Li, X. 2007. Source address validation: Architecture and protocol design. In Proceedings of the Annual International Conference on Network Protocols (ICNP'07).
	42	Abraham Yaar , Adrian Perrig , Dawn Song, Pi: A Path Identification Mechanism to Defend against DDoS Attacks, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.93, May 11-14, 2003
	43	Yaar, A., Perrig, A., and Song, D. 2006. StackPi: New packet marking and filtering mechanisms for DDoS and IP spoofing defense. IEEE J. Selected Areas Commun. 24, 10, 1853--1863.
	44	Zalewski, M. 2001. Strange attractors and TCP/IP sequence number analysis. http://lcamtuf.coredump.cx/oldtcp/.
	45	Zalewski, M. 2002. Strange attractors and TCP/IP sequence number analysis—One year later. http://lcamtuf.coredump.cx/newtcp/.
	46	Zalewski, M. 2006. Passive OS fingerprinting tool. http://lcamtuf.coredump.cx/p0f.shtml.