Packet forwarding with source verification

Authors: Craig A. Shue, Minaxi Gupta, Matthew P. Davy

DOI: 10.1016/J.COMNET.2007.11.023

Keywords: IP address spoofing, Internet Protocol, Spoofing attack, Computer security, Computer network, The Internet, Router, Denial-of-service attack, Packet forwarding, Computer science, Packet switching, Network packet

Abstract: Routers in the Internet do not perform any verification of the source IP address contained in the packets, leading to the possibility of IP spoofing. The lack of such verification opens the door for a variety of vulnerabilities, including denial-of-service (DoS) and man-in-the-middle attacks. Currently proposed spoofing prevention approaches either focus on protecting only the target of such attacks and not the routing fabric used to forward spoofed packets, or fail under commonly occurring situations like path asymmetry. With incremental deployability in mind, this paper presents two complementary hop-wise packet tagging approaches that equip the routers to drop spoofed packets close to their point of origin. Our simulations show that these approaches dramatically reduce the amount of spoofing possible even under partial deployment.
