Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
www.caida.org > funding : spoofer
Software Systems for Surveying Spoofing Susceptibility
Sponsored by:
Department of Homeland Security (DHS)
Seeking to minimize Internet's susceptibility to spoofed DDoS attacks, we will develop, build, and operate multiple open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices.

Funding source: DHS S&T contract D15PC00188. Period of performance: August 3, 2015 - March 31, 2017; April 1, 2017 - July 31, 2018 (optional).

|   Statement of Work     Proposal    Spoofer Project Page   |

Statement of Work

The proposed effort includes applied research, software development, new data analytics, systems integration, operations and maintenance, and an interactive analysis and reporting service. Tasks and deliverables for the entire project are separated into three periods:
  •  Period I : Applied Research and Development
  •  Period II : Development
  •  Period III : Development and Technology Demonstration

Period I: Applied Research and Development (8 months, August 1, 2015 - March 31, 2016) - completed


Period II: Development (12 months, April 1, 2016 - March 31, 2017) - completed


Period III: Development and Technology Demonstration (16 months, April 1, 2017 - July 31, 2018)

Task 1: Refine client-server SAV testing technology and reports according to experiences and feedback, with continuing releases as necessary
1.1Enhance reporting system to report properties of networks that have received spoofed packets
1.2Share the reports privately with affected networks
1.3Build traceroute-based software to identify networks forwarding spoofed packets
1.4Support and develop our client-server testing technology based on continuing feedback from network operators, policy makers, and DHS
1.5Incorporate new data into our reporting system
1.6Produce focused reports for network operator groups
1.7Explore additional measurement technologies and data sources suitable for adapting and integrating into a general-purpose network hygiene system (reputation blacklists, presence of possible DDoS amplification vectors: open resolvers, NTP servers, SNMP servers)
Task 2: Develop software client for deployment in resource-constrained open-source home routers
2.1Build functionality to test SAV deployment of access providing networks on a weekly basis into OpenWrt, a Linux-based open-source router firmware
2.2Optimize the client software for resource-constrained home-router environments by incorporating the most relevant features and utilizing libraries designed for embedded environments
2.3Test software in the BISmark home router infrastructure to gain real-world experience before seeking broader deployment
2.4Integrate a web-based SAV reporting engine into the existing web-based interface on OpenWrt routers

Milestones and Deliverables (Period III)

#MilestoneDeliverableDateStatus
1Include information about clients receiving spoofed packets into the reporting systemSoftware: Updated reporting system Aug 1, 2017
2Release software identifying a lack of ingress filtering by providersTool to measure ISP SAV deploymentDec 1, 2017
3Report: status of spoofing remediation effortsApr 1, 2018
4Release OpenWrt client software to test SAV best practices of access providersSoftware: Client for home routers Apr 1, 2018
5Release updated client-server SAV testing softwareSoftware: final releaseJun 1, 2018
6Final report including SAV compliance trends and areas to focus onJul 31 2018

Acknowledgement of awarding agency's support

This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Homeland Security Advanced Research Projects Agency, Cyber Security Division (DHS S&T/HSARPA/CSD) BAA HSHQDC-14-R-B0005, and the Government of United Kingdom of Great Britain and Northern Ireland via contract number D15PC00188.

The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security, the U.S. Government, or the Government of United Kingdom of Great Britain and Northern Ireland.

  Last Modified: Tue May-30-2017 13:02:55 PDT
  Page URL: http://www.caida.org/funding/spoofer/index.xml