Show simple item record  

dc.contributor.authorLone, Qasimen_NZ
dc.contributor.authorLuckie, Matthew Johnen_NZ
dc.contributor.authorKorczyński, Maciejen_NZ
dc.contributor.authorvan Eeten, Michelen_NZ
dc.contributor.editorKaafar, M.A.en_NZ
dc.contributor.editorUhlig, S.en_NZ
dc.contributor.editorAmann, J.en_NZ
dc.coverage.spatialCham, Switzerlanden_NZ
dc.date.accessioned2017-05-12T02:38:21Z
dc.date.available2017en_NZ
dc.date.available2017-05-12T02:38:21Z
dc.date.issued2017en_NZ
dc.identifier.citationLone, Q., Luckie, M. J., Korczyński, M., & van Eeten, M. (2017). Using loops observed in Traceroute to infer the ability to Spoof. In M. A. Kaafar, S. Uhlig, & J. Amann (Eds.), Proceedings of 18th International Conference on Passive and Active Measurement (Vol. LNCS 10176, pp. 229–241). Cham, Switzerland: Springer. https://doi.org/10.1007/978-3-319-54328-4_17en
dc.identifier.isbn978-3-319-54328-4en_NZ
dc.identifier.urihttp://hdl.handle.net/10289/11042
dc.description.abstractDespite source IP address spoofing being a known vulnerability for at least 25 years, and despite many efforts to shed light on the problem, spoofing remains a popular attack method for redirection, amplification, and anonymity. To defeat these attacks requires operators to ensure their networks filter packets with spoofed source IP addresses, known as source address validation (SAV), best deployed at the edge of the network where traffic originates. In this paper, we present a new method using routing loops appearing in traceroute data to infer inadequate SAV at the transit provider edge, where a provider does not filter traffic that should not have come from the customer. Our method does not require a vantage point within the customer network. We present and validate an algorithm that identifies at Internet scale which loops imply a lack of ingress filtering by providers. We found 703 provider ASes that do not implement ingress filtering on at least one of their links for 1,780 customer ASes. Most of these observations are unique compared to the existing methods of the Spoofer and Open Resolver projects. By increasing the visibility of the networks that allow spoofing, we aim to strengthen the incentives for the adoption of SAV.
dc.format.mimetypeapplication/pdf
dc.language.isoen
dc.publisherSpringeren_NZ
dc.rights© 2016 Springer .This is the author's accepted version. The final publication is available at Springer via dx.doi.org/10.1007/978-3-319-54328-4_17
dc.sourcePAM 2017en_NZ
dc.titleUsing loops observed in Traceroute to infer the ability to Spoofen_NZ
dc.typeConference Contribution
dc.identifier.doi10.1007/978-3-319-54328-4_17en_NZ
dc.relation.isPartOfProceedings of 18th International Conference on Passive and Active Measurementen_NZ
pubs.begin-page229
pubs.elements-id193645
pubs.end-page241
pubs.finish-date2017-03-31en_NZ
pubs.organisational-group/Waikato
pubs.organisational-group/Waikato/2018 PBRF
pubs.organisational-group/Waikato/FCMS
pubs.organisational-group/Waikato/FCMS/2018 PBRF - FCMS
pubs.organisational-group/Waikato/FCMS/Computer Science
pubs.start-date2017-03-30en_NZ
pubs.volumeLNCS 10176en_NZ


Files in this item

This item appears in the following Collection(s)

Show simple item record