Abstract
The lack of authentication in the Internet's data plane allows hosts to falsify (spoof) the source IP address in packets, which forms the basis for amplification denial-of-service (DoS) attacks. We propose techniques to identify networks that allow its hosts to send spoofed traffic. Our techniques systematically vary BGP announcements from multiple locations to induce changes to Internet routes and to the set of networks routed to each location. Preliminary evaluation in the real Internet indicates operators can correlate observations over multiple announcements to constrain the set of networks that may allow spoofed packets, possibly allowing targeted intervention.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
