A filter check system for defeating attacks which employ IP source address spoofing

To secure network layer is needed for stable IP network as infrastructure. As TCP SYN flooding attack shows, sender of attack packet generally masquerades as others by spoofing source IP address in the packet. IP network becomes more secure, if backbone network through which IP spoofing packet does not flow can be realized. Egress filtering is a way of not flowing IP spoofing packet into backbone network. Each customer network should activate egress filtering for being an effective stratagem. From not only the view point of IP network security but also suppression of threat to be springboard, egress filter must be applied in all customer networks. However, no tool is ready for easily checking egress filtering. In this paper, we show an egress filter check system which can obtain results of egress filter check on routers in a path to arbitrary host.