Ip Spoof

Ip Spoof

On the State of IP Spoofing Defense
TOBY EHRENKRANZ and JUN LI University of Oregon

6

IP source address spoofing has plagued the Internet for many years. Attackers spoof source addresses to mount attacks and redirect blame. Researchers have proposed many mechanisms to defend against spoofing, with varying levels of success. With the defense mechanisms available today, where do we stand? How do the various defense mechanisms compare? This article first looks into the current state of IP spoofing, then thoroughly surveys the current state of IP spoofing defense. It evaluates data from the Spoofer Project, and describes and analyzes host-based defense methods, router-based defense methods, and their combinations. It further analyzes what obstacles stand in the way of deploying those modern solutions and what areas require further research. Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General— Security and protection General Terms: Performance, Security Additional Key Words and Phrases: IP spoofing, spoofing defense, spoofing packet, packet filtering ACM Reference Format: Ehrenkranz, T. and Li, J. 2009. On the state of IP spoofing defense. ACM Trans. Internet Technol. 9, 2, Article 6 (May 2009), 29 pages. DOI = 10.1145/1516539.1516541 http://doi.acm.org/10.1145/1516539.1516541

1. INTRODUCTION In today’s Internet, attackers can forge the source address of IP packets to both maintain their anonymity and redirect the blame for attacks. When attackers inject packets with spoofed source addresses into the Internet, routers forward those packets to their destination just like any other packet—often without checking the validity of the packets’ source addresses. These spoofing packets1 consume network bandwidth en route to their destinations, and are often part of some malicious activity, such as a DDoS attack. Unfortunately, routers on
1 In

this article we use spoofing packets instead of spoofed packets as such a packet is from an attacker,...

View Full Essay