Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis > funding : spoofer : sow-completed.xml
Software Systems for Surveying Spoofing Susceptibility
Sponsored by:
Department of Homeland Security (DHS)
Seeking to minimize Internet's susceptibility to spoofed DDoS attacks, we will develop, build, and operate multiple open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices.

Funding source: DHS S&T contract D15PC00188. Period of performance: August 3, 2015 - March 31, 2017; April 1, 2017 - July 31, 2018 (optional).

|   Statement of Work     Proposal    Spoofer Project Page   |

Statement of Work (Completed)

Period I: Applied Research and Development (8 months, August 1, 2015 - March 31, 2016)

Task 1: Develop and deploy new client-server SAV testing system
1.1Develop an extensible JSON-based structured data communications protocol for negotiating and coordinating complex spoofed packets measurements between the client and our server.

(a) set probing parameters (e.g., where to send spoofed packets, how to encode packets, etc.)
(b) encode traceroute measurements to determine the location of SAV filters
(c) report test results back to the client
1.2Develop and release server software to be easily deployed by network operators for scheduling and coordinating SAV measurements, and transmitting results to a database
1.3Deploy a server instance at CAIDA to support a public view of SAV deployment
1.4Develop and release client software.

(a) can run in the background on Windows, MacOS, and UNIX-like systems
(b) regularly (weekly) test the ability to send and receive spoofed packets
(c) include intuitive GUI to communicate results to the user
(d)support opportunistic measurement by mobile laptops
(e) use link-layer sockets to send spoofed packets as complete Ethernet frames
(f) implement traceroute to help determine the location of SAV filtering
Task 2: Develop and deploy new reporting system to focus SAV compliance attention
2.1Build a reporting engine that will correlate coverage of SAV tests with various characteristics of tested networks: type (e.g., access, transit), country of operation, IP reputation, their country's transparency of governance
2.2Generate ingress access lists for all stub ASes that a transit provider could validate and deploy
2.3Identify the fraction of customers of each transit provider in each region that have been observed spoofing packets
2.4Identify transit providers who should be encouraged to deploy our ingress access lists
2.5Build a public website to report per-network test outcomes, highlighting the most recent tests, on the specialized server at CAIDA
2.6Enable privacy-preserving features to anonymize individual IP addresses when necessary
2.7Add a searching functionality to allow any user to query for results for any network
2.8Incorporate our stakeholder-focused analysis into the public website
Task 3: Research use of IXPs as a vantage point for SAV best practice assessment
3.1Investigate methods to automatically build lists of customer cone prefixes belonging to IXP participants
3.2Identify IXP participants with inadequate SAV deployment by analyzing packets captured at anycast DNS root-server instances deployed at IXPs and finding source addresses outside of the customer cones
3.3Demonstrate to IXPs the measurement capabilities that can illuminate the SAV hygiene practices of their participating networks

Milestones and Deliverables (Period I)

1Report: Extensible client-server protocolNov 1, 2015done
2Develop initial prototypes of client and server softwareDec 1, 2015done
3Deploy a supported instance of server software at CAIDAFeb 1, 2016done
4Evaluate utility of DNS root-server data to obtain external view of IXP hygieneReport: Spoofed traffic to DNS root-serversFeb 1, 2016done
5Deploy public website to show outcomes of testsSoftware: Public websiteMar 31, 2016done
6Final ReportMar 31, 2016done
  Last Modified: Mon Jun-20-2016 13:38:27 PDT
  Page URL: