Security problems in the TCP/IP protocol suite
ACM SIGCOMM Computer Communication Review
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
On inferring autonomous system relationships in the internet
IEEE/ACM Transactions on Networking (TON)
An analysis of using reflectors for distributed denial-of-service attacks
ACM SIGCOMM Computer Communication Review
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
Measuring ISP topologies with rocketfuel
IEEE/ACM Transactions on Networking (TON)
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Inferring Internet denial-of-service activity
ACM Transactions on Computer Systems (TOCS)
AS relationships: inference and validation
ACM SIGCOMM Computer Communication Review
The spoofer project: inferring the extent of source address filtering on the internet
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Passport: secure and adoptable source authentication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Statistical learning in network architecture
Statistical learning in network architecture
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense
IEEE Journal on Selected Areas in Communications
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
The 2nd workshop on active internet measurements (AIMS-2) report
ACM SIGCOMM Computer Communication Review
The 3rd workshop on active internet measurements (AIMS-3) report
ACM SIGCOMM Computer Communication Review
An untold story of middleboxes in cellular networks
Proceedings of the ACM SIGCOMM 2011 conference
RatBot: anti-enumeration peer-to-peer botnets
ISC'11 Proceedings of the 14th international conference on Information security
Auto-learning of SMTP TCP transport-layer features for spam and abusive message detection
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
Border gateway protocol (BGP) and traceroute data workshop report
ACM SIGCOMM Computer Communication Review
FaaS: filtering IP spoofing traffic as a service
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
FaaS: filtering IP spoofing traffic as a service
ACM SIGCOMM Computer Communication Review - Special october issue SIGCOMM '12
VASE: Filtering IP spoofing traffic with agility
Computer Networks: The International Journal of Computer and Telecommunications Networking
Fragmentation Considered Vulnerable
ACM Transactions on Information and System Security (TISSEC)
When tolerance causes weakness: the case of injection-friendly browsers
Proceedings of the 22nd international conference on World Wide Web
Internet nameserver IPv4 and IPv6 address relationships
Proceedings of the 2013 conference on Internet measurement conference
Source address filtering for large scale networks
Computer Communications
Research papers: A study of traffic from the perspective of a large pure IPv6 ISP
Computer Communications
| Hi-index | 0.00 |
IP source address forgery, or "spoofing," is a long-recognized consequence of the Internet's lack of packet-level authenticity. Despite historical precedent and filtering and tracing efforts, attackers continue to utilize spoofing for anonymity, indirection, and amplification. Using a distributed infrastructure and approximately 12,000 active measurement clients, we collect data on the prevalence and efficacy of current best-practice source address validation techniques. Of clients able to test their provider's source-address filtering rules, we find 31% able to successfully spoof an arbitrary, routable source address, while 77% of clients otherwise unable to spoof can forge an address within their own /24 subnetwork. We uncover significant differences in filtering depending upon network geographic region, type, and size. Our new tracefilter tool for filter location inference finds 80% of filters implemented a single IP hop from sources, with over 95% of blocked packets observably filtered within the source's autonomous system. Finally, we provide initial longitudinal results on the evolution of spoofing revealing no mitigation improvement over four years of measurement. Our analysis provides an empirical basis for evaluating incentive and coordination issues surrounding existing and future Internet packet authentication strategies.