Abstract
The lack of source address verification in the Internet makes it easy for attackers to spoof the source IP address. One recognized challenge for the Internet is building mechanisms into routers to verify the source address. This paper discusses Source Address Spoofing Prevention (SASP) mechanisms, presents a formal description of the SASP network and the SASP router, proposes a hierarchical SASP architecture, and presents some design principles for SASP mechanisms.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bi, J., Wu, J., Zhang, M. (2006). Enable a Trustworthy Network by Source Address Spoofing Prevention Routers: A Formal Description. In: Zhou, X., et al. Emerging Directions in Embedded and Ubiquitous Computing. EUC 2006. Lecture Notes in Computer Science, vol 4097. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11807964_69
DOI: https://doi.org/10.1007/11807964_69
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36850-2
Online ISBN: 978-3-540-36851-9
eBook Packages: Computer Science (R0)