Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A Novel Approach

Protecting sensitive information of an Autonomous System (AS) is a critical issues. False origin with IP source address spoofing is a major threat for AS which causes serious attacks like insider attack, DDoS, unauthorized access of intellectuals and many more. Intra domain IP source address spoofing is still a challenge for security experts due to less secure router architecture and unavailability of perfect solution. In this paper, we aim to modify current LAN communication technology in private network to eliminate the possibility of any spoofed packet going outside that network. Our method is fast, light weighted, low management overhead and easy to deploy in IPv4 (preferable in IPv6), which prevent IP source address spoofing in same subnet (AS) and replay attack..

[1]  Heejo Lee,et al.  On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets , 2001, SIGCOMM '01.

[2]  Heejo Lee,et al.  On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets , 2001, SIGCOMM 2001.

[3]  Jianping Wu,et al.  An Authentication Based Source Address Spoofing Prevention Method Deployed in IPv6 Edge Network , 2007, International Conference on Computational Science.

[4]  Allan C. Rubens,et al.  Remote Authentication Dial In User Service (RADIUS) , 2000, RFC.

[5]  Nirwan Ansari,et al.  Tracing multiple attackers with deterministic packet marking (DPM) , 2003, 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003) (Cat. No.03CH37490).

[6]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[7]  Allan C. Rubens,et al.  Remote Authentication Dial In User Service (RADIUS) , 1997, RFC.

[8]  B. Rizvi,et al.  Analysis of adjusted probabilistic packet marking , 2003, Proceedings of the 3rd IEEE Workshop on IP Operations & Management (IPOM 2003) (IEEE Cat. No.03EX764).

[9]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[10]  Dan Harkins,et al.  The Internet Key Exchange (IKE) , 1998, RFC.

[11]  Anat Bremler-Barr,et al.  Spoofing prevention method , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[12]  Steven M. Bellovin,et al.  ICMP Traceback Messages , 2003 .

[13]  Paul Ferguson,et al.  Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[14]  W.T. Strayer,et al.  SPIE-IPv6: single IPv6 packet traceback , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[15]  Qiang Liu,et al.  A two-level source address spoofing prevention based on automatic signature and verification mechanism , 2008, 2008 IEEE Symposium on Computers and Communications.

[16]  G. Manimaran,et al.  A novel packet marking scheme for IP traceback , 2004, Proceedings. Tenth International Conference on Parallel and Distributed Systems, 2004. ICPADS 2004..

[17]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.