A filter check system for defeating attacks which employ IP source address spoofing

被引：0

作者：

Shiraishi, Yoshiaki ^{[1
]}

Fukuta, Youji ^{[1
]}

Morii, Masakatu ^{[1
]}

机构：

[1] Nagoya Inst Technol, Nagoya, Aichi 4668555, Japan

来源：

WMSCI 2007: 11TH WORLD MULTI-CONFERENCE ON SYSTEMICS, CYBERNETICS AND INFORMATICS, VOL II, PROCEEDINGS | 2007年

关键词：

IP spoofing packet; egress filtering; backbone network; ICMP; traceroute;

D O I：

暂无

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

To secure network layer is needed for stable IP network as infrastructure. As TCP SYN flooding attack shows, sender of attack packet generally masquerades as others by spoofing source IP address in the packet. IP network becomes more secure, if backbone network through which IP spoofing packet does not flow can be realized. Egress filtering is a way of not flowing IP spoofing packet into backbone network. Each customer network should activate egress filtering for being an effective stratagem. From not only the view point of IP network security but also suppression of threat to be springboard, egress filter must be applied in all customer networks. However, no tool is ready for easily checking egress filtering. In this paper, we show an egress filter check system which can obtain results of egress filter check on routers in a path to arbitrary host.

引用

页码：289 / +

页数：2

共 15 条

[1] IP source address spoofing filtering based on Bloom filter
Yan, Qiao
Shenzhen Daxue Xuebao (Ligong Ban)/Journal of Shenzhen University Science and Engineering, 2009, 26 (02): : 132 - 136
[2] Preventing Utilization of Shared Network Resources by Detecting IP Spoofing Attacks through Validation of source IP Address
Lema, Hussein
Simba, Fatuma
Ally, Abdulla
2018 IST-AFRICA WEEK CONFERENCE (IST-AFRICA), 2018,
[3] LSAV: Lightweight source address validation in SDN to counteract IP spoofing-based DDoS attacks
Karakoc, Ali
Alagoz, Fatih
TURKISH JOURNAL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES, 2023, 31 (07) : 1187 - 1205
[4] 3-3 Studies on countermeasures for thwarting spoofing attacks - Cases of IP address spoofing and Web spoofing
Miyamoto, Daisuke
Hazeyama, Hiroaki
Kadobayashi, Youki
Journal of the National Institute of Information and Communications Technology, 2011, 58 (3-4): : 99 - 111
[5] Revisiting inter-AS IP Spoofing Let the Protection Drive Source Address Validation
Jia, Yihao
Liu, Ying
Ren, Gang
He, Lin
2017 IEEE 36TH INTERNATIONAL PERFORMANCE COMPUTING AND COMMUNICATIONS CONFERENCE (IPCCC), 2017,
[6] A Hybrid Lightweight Defense System Against Address Spoofing Based DDoS Attacks in SDN
Sinha, Mitali
Bera, Padmalochan
Satpathy, Manoranjan
Sahoo, Kshira Sagar
SECURITY AND PRIVACY, 2025, 8 (02):
[7] HyPASS: Design of hybrid-SDN prevention of attacks of source spoofing with host discovery and address validation
Meena, Ramesh Chand
Bhatia, Surbhi
Jhaveri, Rutvij H.
Cheng, Long
Kumar, Ankit
Mashat, Arwa
PHYSICAL COMMUNICATION, 2022, 55
[8] Preventing IP Source Address Spoofing: A Two-Level, State Machine-Based Method
毕军
刘冰洋
吴建平
沈燕
Tsinghua Science and Technology, 2009, 14 (04) : 413 - 422
[9] Proactively detecting distributed denial of service attacks using source IP address monitoring
Peng, T
Leckie, C
Ramamohanarao, K
NETWORKING 2004: NETWORKING TECHNOLOGIES, SERVICES, AND PROTOCOLS; PERFORMANCE OF COMPUTER AND COMMUNICATION NETWORKS; MOBILE AND WIRELESS COMMUNICATIONS, 2004, 3042 : 771 - 782
[10] Protecting servers against DDoS attacks with improved source IP address monitoring scheme
Takada, Hellinton Hatsuo
Anzaloni, Alessandro
2006 2ND CONFERENCE ON NEXT GENERATION INTERNET DESIGN AND ENGINEERING, 2006, : 154 - +

← 1 2 →