Understanding the Efficacy of Deployed Internet Source Address Validation Filtering
R. Beverly, A. Berger, Y. Hyun, and k. claffy, "Understanding the Efficacy of Deployed Internet Source Address Validation Filtering", in Internet Measurement Conference (IMC), Nov 2009.

Robert Beverly (2), Arthur Berger (2), Young Hyun (1), kc claffy (1)

(1) CAIDA, San Diego Supercomputer Center, University of California San Diego
(2) Computer Science and Artificial Intelligence Laboratory - CSAIL, Massachusetts Institute of Technology

IP source address forgery, or "spoofing," is a long-recognized consequence of the Internet's lack of packet-level authenticity. Despite historical precedent and filtering and tracing efforts, attackers continue to utilize spoofing for anonymity, indirection, and amplification. Using a distributed infrastructure and approximately 12,000 active measurement clients, we collect data on the prevalence and efficacy of current best practice source address validation techniques. Of clients able to test their provider's source-address filtering rules, we find 31% able to successfully spoof an arbitrary, routable source address, while 77% of clients otherwise unable to spoof can forge an address within their own /24 subnetwork. We uncover significant differences in filtering depending upon network geographic region, type, and size. Our new tracefilter tool for filter location inference finds 80% of filters implemented a single IP hop from sources, with over 95% of blocked packets observably filtered within the source's autonomous system. Finally, we provide initial longitudinal results on the evolution of spoofing revealing no mitigation improvement over four years of measurement. Our analysis provides an empirical basis for evaluating incentive and coordination issues surrounding existing and future Internet packet authentication strategies.

Keywords: measurement methodology, policy, routing, security, topology, trends
  Last Modified: Thu Jul-13-2017 13:01:01 PDT
  Page URL: http://www.caida.org/publications/papers/2009/imc_spoofer/index.xml