论文信息 - The spoofer project: inferring the extent of source address filtering on the internet

The spoofer project: inferring the extent of source address filtering on the internet

Forging, or "spoofing," the source addresses of IP packets provides malicious parties with anonymity and novel attack vectors. Spoofing-based attacks complicate network operator's defense techniques; tracing spoofing remains a difficult and largely manual process. More sophisticated next generation distributed denial of service (DDoS) attacks may test filtering policies and adaptively attempt to forge source addresses. To understand the current state of network filtering, this paper presents an Internet-wide active measurement spoofing project. Clients in our study attempt to send carefully crafted UDP packets designed to infer filtering policies. When filtering of valid packets is in place we determine the filtering granularity by performing adjacent netblock scanning. Our results are the first to quantify the extent and nature of filtering and the ability to spoof on the Internet. We find that approximately one-quarter of the observed addresses, netblocks and autonomous systems (AS) permit full or partial spoofing. Projecting this number to the entire Internet, an approximation we show is reasonable, yields over 360 million addresses and 4,600 ASes from which spoofing is possible. Our findings suggest that a large portion of the Internet is vulnerable to spoofing and concerted attacks employing spoofing remain a serious concern.

Robert Beverly | Steven Bauer | Steven J. Bauer | Robert Beverly

[1] Fred Baker,et al. Ingress Filtering for Multihomed Networks , 2004, RFC.

[2] Paul Ferguson,et al. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[3] Alex C. Snoeren,et al. Hash-based IP traceback , 2001, SIGCOMM '01.

[4] Vern Paxson,et al. An analysis of using reflectors for distributed denial-of-service attacks , 2001, CCRV.

[5] Yakov Rekhter,et al. Address Allocation for Private Internets , 1994, RFC.

[6] Vinod Yegneswaran,et al. Characteristics of internet background radiation , 2004, IMC '04.

[7] Kang G. Shin,et al. Hop-count filtering: an effective defense against spoofed DDoS traffic , 2003, CCS '03.

[8] Jon Postel,et al. Internet Registry IP Allocation Guidelines , 1996, RFC.

[9] Robert Beverly,et al. A Robust Classifier for Passive TCP/IP Fingerprinting , 2004, PAM.

[10] kc claffy,et al. Otter: A general-purpose network visualization tool , 1999 .

[11] Steven M. Bellovin,et al. ICMP Traceback Messages , 2003 .

[12] Stefan Savage,et al. Inferring Internet denial-of-service activity , 2001, TOCS.