Abstract

In recent years, a trend that has been gaining particular popularity among cybercriminals is the use of public Cloud to orchestrate and launch distributed denial of service (DDoS) attacks. One of the suspected catalysts for this trend appears to be the increased tightening of regulations and controls against IP spoofing by world-wide Internet service providers (ISPs). The three main contributions of this paper are as follows. (1) For the first time in the research literature, we provide a comprehensive look at a number of possible attacks that involve the transmission of spoofed packets from or towards the virtual private servers hosted by a public Cloud provider. (2) We summarize the key findings of our research on the regulation of IP spoofing in the acceptable-use and terms-of-service policies of 35 real-world Cloud providers. The findings reveal that in over 50% of cases, these policies make no explicit mention or prohibition of IP spoofing, thus failing to serve as a potential deterrent. (3) Finally, we describe the results of our experimental study on the practical feasibility of IP spoofing involving a select number of real-world Cloud providers. These results show that most of the tested public Cloud providers do a very good job of preventing (potential) hackers from using their virtual private servers to launch spoofed-IP campaigns on third-party targets. However, the virtual private servers of these same Cloud providers appear to be themselves vulnerable to a number of attacks that involve the use of spoofed IP packets and/or could be deployed as packet reflectors in attacks on third-party targets. We hope the paper serves as a call for awareness and action and motivates public Cloud providers to deploy better techniques for detection and elimination of spoofed IP traffic.

Highlights

  • “Strictly speaking, the simple act of spoofing an identity is not illegal (i.e., no hacking is involved in the commission of the act)

  • IP spoofing, the simple act of modifying an IP packet by replacing its genuine source address with a forged one (as illustrated in Figure 1), has long been known as the key precursor for many different forms of cyber attacks and illegitimate online activities, including man-in-the-middle (MitM) attacks, distributed denial of service (DDoS) attacks, ARP and DNS poisoning attacks, spoofed port scanning, etc.

  • What makes IP spoofing challenging for cybersecurity defenders is (a) the fact that no network is entirely immune to attacks that deploy IP spoofing, and (b) there are many readily available tools and programming packages, such as Scapy, Hping, Libcrafter, etc., that allow even moderately skilled hackers to integrate IP spoofing into their attacks
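The source-address check a provider can apply to packets leaving a virtual private server, which is the control that stops spoofed-IP traffic at its origin, shown as an added example that is not taken from the paper. The assigned prefix, the function names and the sample headers are constructed assumptions (documentation address ranges), and nothing is sent on the network.

```python
import ipaddress
import struct

# Assumption: the prefix the provider assigned to this VPS (documentation range).
ASSIGNED = [ipaddress.ip_network("203.0.113.16/29")]


def build_ipv4_header(src, dst, proto=17):
    """Build a minimal 20-byte IPv4 header in memory (constructed sample input)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def egress_verdict(packet, assigned=ASSIGNED):
    """Return 'forward' or 'drop: <reason>' for a packet leaving the VPS."""
    if len(packet) < 20:
        return "drop: truncated header"
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        return "drop: not IPv4"
    if ihl < 5 or len(packet) < ihl * 4:
        return "drop: bad header length"
    # Bytes 12..15 of the IPv4 header carry the source address.
    src = ipaddress.IPv4Address(packet[12:16])
    if not any(src in net for net in assigned):
        return f"drop: source {src} not assigned to this VPS"
    return "forward"


def classify(packets):
    """Apply the egress check to each packet and collect the verdicts."""
    return [egress_verdict(p) for p in packets]


# Constructed samples: genuine source, forged source, truncated header.
SAMPLES = [
    build_ipv4_header("203.0.113.18", "198.51.100.7"),
    build_ipv4_header("192.0.2.55", "198.51.100.7"),
    build_ipv4_header("203.0.113.18", "198.51.100.7")[:12],
]

if __name__ == "__main__":
    for verdict in classify(SAMPLES):
        print(verdict)
```
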


Summary

Introduction

“Strictly speaking, the simple act of spoofing an identity is not illegal (i.e., no hacking is involved in the commission of the act). It only becomes illegal when a threat of death or violence is involved, or personal data are stolen in order to commit fraud or identity theft”. There are many legitimate reasons/operations that may require the use of packets with forged IP addresses (e.g., network troubleshooting, penetration testing, workload and stress testing, user anonymization, etc.).
