Abstract

Spoofing the source IP address of packets on the Internet is one of the major tools used by hackers to mount denial of service (DoS) attacks. In such attacks the attackers forge the source IP of the packets used in the attack: instead of carrying the source IP of the machine the packet came from, each packet contains an arbitrary IP address which is selected either randomly or intentionally. The ease with which such attacks are generated has made them very popular. According to a study [1] there are at least four thousand such attacks every week on the Internet. There are very few, and not very effective, mechanisms that network operators may use today to detect and filter out spoofed packets. The most prominent of them are ingress and egress filtering. In ingress filtering an ISP refuses to accept, from the stub networks connected to it, packets whose source address does not belong to the corresponding stub network's address space [3]. In egress filtering a router or a firewall that is the gateway of a stub network filters out any packet leaving the network whose source address does not belong to the network's address space [2, 4]. Ingress and egress filtering are “good-will” preventive methods, not self-defensive ones. Cooperative and “good-netizen” network operators deploy them to avoid being the source of such attacks; however, these methods do not provide any self-remedy to victims while they are being attacked. In this work we present an alternative solution, the Spoofing Prevention Method (SPM), which offers an efficient and defensive method by which routers on destination networks can detect and filter out spoofed packets. Together with the ingress/egress methods, SPM is both more effective in stopping spoofed attacks and provides an incentive to network owners to implement the methods, thus becoming a defensive method that overcomes the deficiencies of the ingress/egress filtering approach.
An ISP that joins SPM marks all the packets originating in its domain with a special key that is known only to the participants of SPM. The key placed on each packet is a function of the source network
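
The limitation of ingress filtering described in the abstract can be shown with a short model. This is an added example, not code from the paper; the topology, ISP names, and packets are constructed, using documentation address ranges, and it assumes only one of the two ISPs deploys the filter.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: stub network -> (its address space, the ISP it connects to).
STUBS = {
    "stub-a": (ip_network("192.0.2.0/24"), "isp-1"),
    "stub-b": (ip_network("198.51.100.0/24"), "isp-2"),
}
# Assumption for this example: only isp-1 deploys ingress filtering.
FILTERING_ISPS = {"isp-1"}

def ingress_permits(stub, src):
    """ISP-side rule: accept a packet from a stub only if its source
    address belongs to that stub's address space. An egress filter at the
    stub's own gateway applies the same membership test."""
    prefix, _isp = STUBS[stub]
    return ip_address(src) in prefix

def reaches_destination(stub, src):
    """The packet is checked only if the ISP serving its true origin filters."""
    _prefix, isp = STUBS[stub]
    return ingress_permits(stub, src) if isp in FILTERING_ISPS else True

# Constructed packets: (stub the packet really left from, claimed source IP).
PACKETS = [
    ("stub-a", "192.0.2.10"),     # honest
    ("stub-a", "203.0.113.7"),    # spoofed; dropped by isp-1
    ("stub-b", "198.51.100.20"),  # honest
    ("stub-b", "203.0.113.7"),    # spoofed; isp-2 does not filter
    ("stub-b", "192.0.2.10"),     # spoofed with an address from stub-a's space
]

def delivered(packets):
    """Packets that arrive at the destination network."""
    return [(s, ip) for s, ip in packets if reaches_destination(s, ip)]

def spoofed_delivered(packets):
    """Arriving packets whose claimed source is outside their true origin.
    The destination sees only the claimed source, so it cannot compute this."""
    return [(s, ip) for s, ip in delivered(packets) if not ingress_permits(s, ip)]

if __name__ == "__main__":
    for stub, src in spoofed_delivered(PACKETS):
        print(f"spoofed packet delivered: claimed source {src}, true origin {stub}")
```

The last packet claims an address inside the filtering ISP's own customer space and still arrives, because the check runs only where the packet enters the network.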
