On the State of IP Spoofing Defense
TOBY EHRENKRANZ and JUN LI
University of Oregon
IP source address spoofing has plagued the Internet for many years. Attackers spoof source addresses to mount attacks and redirect blame. Researchers have proposed many mechanisms to defend against spoofing, with varying levels of success. With the defense mechanisms available today, where do we stand? How do the various defense mechanisms compare? This article first looks into the current state of IP spoofing, then thoroughly surveys the current state of IP spoofing defense. It evaluates data from the Spoofer Project, and describes and analyzes host-based defense methods, router-based defense methods, and their combinations. It further analyzes what obstacles stand in the way of deploying those modern solutions and what areas require further research.

Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General—Security and protection

General Terms: Performance, Security

Additional Key Words and Phrases: IP spoofing, spoofing defense, spoofing packet, packet filtering

ACM Reference Format: Ehrenkranz, T. and Li, J. 2009. On the state of IP spoofing defense. ACM Trans. Internet Technol. 9, 2, Article 6 (May 2009), 29 pages. DOI = 10.1145/1516539.1516541 http://doi.acm.org/10.1145/1516539.1516541
1. INTRODUCTION

In today’s Internet, attackers can forge the source address of IP packets to both maintain their anonymity and redirect the blame for attacks. When attackers inject packets with spoofed source addresses into the Internet, routers forward those packets to their destination just like any other packet—often without checking the validity of the packets’ source addresses. These spoofing packets¹ consume network bandwidth en route to their destinations, and are often part of some malicious activity, such as a DDoS attack. Unfortunately, routers on

¹In this article we use spoofing packets instead of spoofed packets as such a packet is from an attacker,...