A deployable approach for inter-AS anti-spoofing

Proceedings - International Conference on Network Protocols, ICNP

Volumn , Issue , 2011, Pages 19-24

  Liu, Bingyang ^a   Bi, Jun ^a   Zhu, Yu ^a  

^a TSINGHUA UNIVERSITY   (China)

Author keywords

Inter AS; IP Spoofing; Packet Filtering

Indexed keywords

AUTONOMOUS SYSTEMS; BORDER ROUTERS; DENIAL OF SERVICE ATTACKS; DEPLOYABILITY; DEPLOYMENT COSTS; EVALUATION RESULTS; FILTERING EFFICIENCY; INTER-AS; INTERNET DATA; IP PACKETS; IP SPOOFING; MAINTENANCE COST; NETWORK DIAGNOSIS; PACKET FILTERING; SOURCE ADDRESS;

COMPUTER CRIME; COSTS; INTERNET PROTOCOLS; INTERNET SERVICE PROVIDERS; MAINTENANCE; NETWORK MANAGEMENT; NETWORK PROTOCOLS;

NETWORK SECURITY;

EID: 84055179063     PISSN: 10921648     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICNP.2011.6089052     Document Type: Conference Paper

References (26)

1. R. Beverly, A. Berger and Y. Hyun, "Understanding the efficacy of deployed internet source address validation filtering," Proc. the 9th ACM SIGCOMM conference on Internet measurement conference, ACM, 2009, pp. 356-369.
2. K. Park and H. Lee, "On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets," Proc. ACM SIGCOMM Computer Communication Review, 2001, pp. 15-26.
3. A. Bremler-Barr and H. Levy, "Spoofing prevention method," Proc. IEEE Computer and Communications Societies (InfoCom), IEEE, 2005, pp. 536-547 vol. 531.
4. X. Liu, A. Li, X. Yang and D. Wetherall, "Passport: Secure and adoptable source authentication," Proc. USENIX/ACM Symposium on Networked Systems Design and Implementation, USENIX Association, 2008, pp. 365-378.
5. K.J. Houle, G.M. Weaver, N. Long and R. Thomas, "Trends in denial of service attack technology," Book Trends in denial of service attack technology, Series Trends in denial of service attack technology, 2001.
6. W. Eddy, "TCP SYN Flooding Attacks and Common Mitigations, "RFC4987, 2007.
7. A. Barbir, S. Murphy and Y. Yang, "Defending TCP Against Spoofing Attacks," RFC4953, 2006.
8. C.C. Center, "CERT advisory CA-1998-01 smurf IP denial-of-service attacks,", January, 1998.
9. V. Paxson, "An analysis of using reflectors for distributed denial-of-service attacks," ACM SIGCOMM Computer Communication Review, vol. 31, no. 3, 2001, pp. 38-47. (Pubitemid 33586487)
10. D. Roland and M. Carlos, "Worldwide infrastructure security report,"Arbor Networks, vol. VI, 2010.
11. P. Ferguson and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing,"RFC2827, 2000.
12. F. Baker and P. Savola, "Ingress Filtering for Multihomed Networks", RFC3704, 2004.
13. J. Wu, J. Bi, X. Li, G. Ren, K. Xu and M. Williams, "A Source Address Validation Architecture (SAVA) Testbed and Deployment Experience,"RFC5210, June, 2008.
14. H. Lee, M. Kwon, G. Hasker and A. Perrig, "BASE: An incrementally deployable mechanism for viable IP spoofing prevention," ACM, 2007, pp. 20-31.
15. Z. Duan, X. Yuan and J. Chandrashekar, "Constructing inter-domain packet filters to control IP spoofing based on BGP updates," Citeseer, 2006.
16. J. Bi, B. Liu, J. Wu and Y. Shen, "Preventing IP Source Address Spoofing: A Two-Level, State Machine-Based Method," Tsinghua Science & Technology, vol. 14, no. 4, 2009, pp. 413-422.
17. J. Li, J. Mirkovic, M. Wang, P. Reiher and L. Zhang, "SAVE: Source address validity enforcement protocol," Citeseer, 2002, pp. 1557-1566.
18. T. Ehrenkranz and J. Li, "On the state of IP spoofing defense," ACM Transactions on Internet Technology (TOIT), vol. 9, no. 2, 2009, pp. 6.
19. J. Black, S. Halevi, H. Krawczyk, T. Krovetz and P. Rogaway, "UMAC: Fast and secure message authentication," Springer, 1999, pp. 79-79.
20. W. Diffie and M. Hellman, "New directions in cryptography, "Information Theory, IEEE Transactions on, vol. 22, no. 6, 1976, pp. 644-654.
21. J. Daemen and V. Rijmen, The design of Rijndael: AES - the advanced encryption standard, Springer Verlag, 2002.
22. W. John and S. Tafvelin, "Analysis of internet backbone traffic and header anomalies observed," ACM, 2007, pp. 111-116.
23. X. Wang, L. Guo, T. Yang, W. Ji, Y. Li, X. Liu, et al., "New routing algorithms in trustworthy Internet," Computer Communications, vol. 31, no. 14, 2008, pp. 3533-3536.
24. "IPv4 Routed /24 AS Links Dataset," http://www.caida.org/data/ active/ipv4-routed-topology-aslinks-dataset.xml, 4/29/2011.
25. "ASes ordered by originating address span,"http://www.cidr- report.org/as6447/bgp-originas.html, 5/3/2011.
26. CNGI-CERNET2, http://www.cernet2.edu.cn/index-en.htm.