Litcius/Paper detail

Identifying Networks Vulnerable to IP Spoofing

Osvaldo Fonseca, Ítalo Cunha, Elverton Fazzion, Wagner Meira, Brivaldo Alves da Silva, Ronaldo A. Ferreira, Ethan Katz-Bassett

2021IEEE Transactions on Network and Service Management21 citationsDOI

Abstract

The lack of authentication in the Internet's data plane allows hosts to falsify (spoof) the source IP address in packet headers. IP source spoofing is the basis for amplification denial-of-service (DoS) attacks. Current approaches to locate sources of spoofed traffic lack coverage or are not deployable today. We propose a mechanism that a network with multiple peering links can use to coarsely locate the sources of spoofed traffic in the Internet. The idea behind our approach is that a network can monitor and map spoofed traffic arriving on a peering link to the set of sources routed toward that link. We propose mechanisms the network can use to systematically vary BGP announcement configurations to induce changes to Internet routes and to the set of sources routed to each peering link. A network using our technique can correlate observations over multiple configurations to more precisely delineate regions sending spoofed traffic. Evaluation of our techniques on the Internet shows that they can partition the Internet into small regions, allowing targeted intervention.

Topics & Concepts

PeeringSpoofing attackComputer networkComputer scienceIP address spoofingIP tracebackNetwork packetForwarding planeDenial-of-service attackThe InternetComputer securityIP tunnelInternet protocol suiteInternet ProtocolNetwork address translationWorld Wide WebNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-votingAdvanced Malware Detection Techniques