A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Network support for IP traceback
IEEE/ACM Transactions on Networking (TON)
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
Many network attacks forge the source address in their IP packets to block traceback. This situation does not change much in IPv6 network since IPSEC is not enabled generally and most IP address spoof attacks have taken effect before packets reached destination. Although ingress filtering can be used to validate source addresses, it could only ensure that the network portion of an address is not spoofed. Since subnets are much larger in IPv6, even with RFC 2827-like filtering an adversary can spoof an enormous range of addresses. In this paper, we propose an IPv6 address assignment scheme to generate verifiable IPv6 addresses in one network. With this scheme, router could validate the IPv6 addresses quickly, thus allow all outgoing packets with improper source addresses and all incoming packets with improper destination addresses to be immediately identified. Apart from the obvious merit to counter denial of service attacks, this scheme also make network audit and pricing easier.