Sciweavers

CN
2008

Packet forwarding with source verification

13 years 11 months ago
Packet forwarding with source verification
Abstract-- Routers in the Internet do not perform any verification of the source IP address contained in the packets, leading to the possibility of IP spoofing. The lack of such verification opens the door for a variety of vulnerabilities, including denial-ofservice (DoS) and man-in-the-middle attacks. Currently proposed spoofing prevention approaches either focus on protecting only the target of such attacks and not the routing fabric used to forward spoofed packets, or fail under commonly occurring situations like path asymmetry. With incremental deployability in mind, this paper presents two complementary hop-wise packet tagging approaches that equip the routers to drop spoofed packets close to their point of origin. Our simulations show that these approaches dramatically reduce the amount of spoofing possible even under partial deployment.
Craig A. Shue, Minaxi Gupta, Matthew P. Davy
Added 09 Dec 2010
Updated 09 Dec 2010
Type Journal
Year 2008
Where CN
Authors Craig A. Shue, Minaxi Gupta, Matthew P. Davy
Comments (0)