An effective defense against spoofed IP traffic
The problems presented by Denial of Service (DoS) attacks are aggravated by IP spoofing. In this paper we propose a new approach for IP spoofing detection and real-time prevention. The proposed method depends on the inability of attackers with a spoofed source IP address to complete TCP transactions and on the concept of path signatures. Simulations based on real-world Internet topologies show that 95% of spoofed packets are dropped by the border routers employing the proposed scheme. Using the concept of partial matching of signatures coupled with priority queueing of packets at border routers, the proposed method can be deployed in an incremental fashion with immediate benefit for ISPs who deploy the scheme. In addition, a filter aggregation technique, based on an analysis of BGP dynamics and substantiated by extensive measurements, is presented which allows the proposed scheme to be highly scalable and feasible for deployment on current-generation hardware.
373-383
Kluwer Academic Publishers
Farhat, Hikmat
1 January 2007
Farhat, Hikmat (2007) An effective defense against spoofed IP traffic. In New Technologies, Mobility and Security. Kluwer Academic Publishers. (doi:10.1007/978-1-4020-6270-4_31).
Record type: Conference or Workshop Item (Paper)
This record has no associated files available for download.
More information
Published date: 1 January 2007
Venue - Dates: 1st IFIP International Conference on New Technologies, Mobility and Security, NTMS 2007, Paris, France, 2007-05-02 - 2007-05-04
Identifiers
Local EPrints ID: 492297
URI: http://eprints.soton.ac.uk/id/eprint/492297
PURE UUID: 7d5acab1-c3ab-4576-87f1-73ae562d1f48
Catalogue record
Date deposited: 23 Jul 2024 17:12
Last modified: 24 Jul 2024 02:06
Contributors
Author: Hikmat Farhat