Research Commons
      • Browse 
        • Communities & Collections
        • Titles
        • Authors
        • By Issue Date
        • Subjects
        • Types
        • Series
      • Help 
        • About
        • Collection Policy
        • OA Mandate Guidelines
        • Guidelines FAQ
        • Contact Us
      • My Account 
        • Sign In
        • Register
      View Item 
      •   Research Commons
      • University of Waikato Research
      • Computing and Mathematical Sciences
      • Computing and Mathematical Sciences Papers
      • View Item
      •   Research Commons
      • University of Waikato Research
      • Computing and Mathematical Sciences
      • Computing and Mathematical Sciences Papers
      • View Item
      JavaScript is disabled for your browser. Some features of this site may not work without it.

      Using loops observed in Traceroute to infer the ability to Spoof

      Lone, Qasim; Luckie, Matthew John; Korczyński, Maciej; van Eeten, Michel
      Thumbnail
      Files
      using_loops_observed_traceroute.pdf
      Accepted version, 312.2Kb
      DOI
       10.1007/978-3-319-54328-4_17
      Find in your library  
      Citation
      Export citation
      Lone, Q., Luckie, M. J., Korczyński, M., & van Eeten, M. (2017). Using loops observed in Traceroute to infer the ability to Spoof. In M. A. Kaafar, S. Uhlig, & J. Amann (Eds.), Proceedings of 18th International Conference on Passive and Active Measurement (Vol. LNCS 10176, pp. 229–241). Cham, Switzerland: Springer. https://doi.org/10.1007/978-3-319-54328-4_17
      Permanent Research Commons link: https://hdl.handle.net/10289/11042
      Abstract
      Despite source IP address spoofing being a known vulnerability for at least 25 years, and despite many efforts to shed light on the problem, spoofing remains a popular attack method for redirection, amplification, and anonymity. To defeat these attacks requires operators to ensure their networks filter packets with spoofed source IP addresses, known as source address validation (SAV), best deployed at the edge of the network where traffic originates. In this paper, we present a new method using routing loops appearing in traceroute data to infer inadequate SAV at the transit provider edge, where a provider does not filter traffic that should not have come from the customer. Our method does not require a vantage point within the customer network. We present and validate an algorithm that identifies at Internet scale which loops imply a lack of ingress filtering by providers. We found 703 provider ASes that do not implement ingress filtering on at least one of their links for 1,780 customer ASes. Most of these observations are unique compared to the existing methods of the Spoofer and Open Resolver projects. By increasing the visibility of the networks that allow spoofing, we aim to strengthen the incentives for the adoption of SAV.
      Date
      2017
      Type
      Conference Contribution
      Publisher
      Springer
      Rights
      © 2016 Springer .This is the author's accepted version. The final publication is available at Springer via dx.doi.org/10.1007/978-3-319-54328-4_17
      Collections
      • Computing and Mathematical Sciences Papers [1455]
      Show full item record  

      Usage

      Downloads, last 12 months
      115
       
       
       

      Usage Statistics

      For this itemFor all of Research Commons

      The University of Waikato - Te Whare Wānanga o WaikatoFeedback and RequestsCopyright and Legal Statement