Forging, or "spoofing," the source addresses of IP packets provides malicious parties with anonymity and novel attack vectors. Spoofing-based attacks complicate network operators' defense techniques; tracing spoofing remains a difficult and largely manual process. More sophisticated next-generation distributed denial-of-service (DDoS) attacks may test filtering policies and adaptively attempt to forge source addresses. To understand the current state of network filtering, this paper presents an Internet-wide active measurement spoofing project. Clients in our study attempt to send carefully crafted UDP packets designed to infer filtering policies. When filtering of valid packets is in place, we determine the filtering granularity by performing adjacent netblock scanning. Our results are the first to quantify the extent and nature of filtering and the ability to spoof on the Internet. We find that approximately one-quarter of the observed addresses, netblocks and autonomous systems (AS) permit full or partial spoofing. Projecting this number to the entire Internet, an approximation we show is reasonable, yields over 360 million addresses and 4,600 ASes from which spoofing is possible. Our findings suggest that a large portion of the Internet is vulnerable to spoofing and that concerted attacks employing spoofing remain a serious concern.