DNS-Based Defense against IP Spoofing Attacks

Many attacks on the Internet spoof source IP addresses. Numerous techniques have been researched and developed to cope with this, but they are not yet sufficient. This paper proposes a Domain Name System (DNS)-based technique for handling the issue. To access an application server, the target of the attack, an attacker needs the server's IP address. To obtain the address, the attacker queries the DNS full-service resolver to resolve the server's fully qualified domain name. In the proposed scheme, the attacker cannot spoof its own address while it is inquiring about the server's address. The proposed scheme informs the application server-side gateway of the client's address, so that the gateway can ignore access from any address other than the informed one.
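
The gateway-side check described above, sketched as an added example (not code from the paper). The `Gateway` class, the `inform`/`admit` method names, the per-server keying and the expiry window are assumptions made for illustration; the abstract does not specify how the gateway is informed or how long an informed address remains valid.

```python
import ipaddress


class Gateway:
    """Server-side gateway that forwards only traffic from informed client addresses."""

    def __init__(self, ttl_seconds=30.0):
        # Assumption: an informed address expires after ttl_seconds.
        self.ttl = ttl_seconds
        self._informed = {}  # (server address, client address) -> expiry time

    @staticmethod
    def _key(server_ip, client_ip):
        # Parse both addresses so different textual forms of the same
        # address (common with IPv6) compare equal.
        return (ipaddress.ip_address(server_ip), ipaddress.ip_address(client_ip))

    def inform(self, server_ip, client_ip, now):
        """Record that client_ip resolved the name of server_ip (sent from the DNS side)."""
        self._informed[self._key(server_ip, client_ip)] = now + self.ttl

    def admit(self, server_ip, src_ip, now):
        """Return True if a packet from src_ip to server_ip should be forwarded."""
        key = self._key(server_ip, src_ip)
        expiry = self._informed.get(key)
        if expiry is None:
            return False  # source never resolved the name: ignore
        if now > expiry:
            del self._informed[key]  # stale entry: ignore and forget
            return False
        return True


def simulate():
    """Constructed scenario using documentation address ranges."""
    gw = Gateway(ttl_seconds=30.0)
    server = "192.0.2.10"
    gw.inform(server, "198.51.100.7", now=0.0)  # client that queried the resolver
    return {
        "informed_client": gw.admit(server, "198.51.100.7", now=5.0),
        "spoofed_source": gw.admit(server, "203.0.113.99", now=5.0),
        "after_expiry": gw.admit(server, "198.51.100.7", now=31.0),
    }


if __name__ == "__main__":
    for case, admitted in simulate().items():
        print(f"{case}: {'forward' if admitted else 'drop'}")
```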