Spoofer: Software Systems for Surveying Spoofing Susceptibility

Seeking to minimize the Internet's susceptibility to spoofed DDoS attacks, we will develop, build, and operate multiple open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices.

Sponsored by:
Department of Homeland Security (DHS)

Principal Investigators: kc claffy, Matthew Luckie

Funding source: DHS S&T contract D15PC00188
Period of performance: August 3, 2015 - July 31, 2018.


Statement of Work

The proposed effort includes applied research, software development, new data analytics, systems integration, operations and maintenance, and an interactive analysis and reporting service. Tasks and deliverables for the entire project are separated into three periods:
  •  Period I: Applied Research and Development
  •  Period II: Development
  •  Period III: Development and Technology Demonstration

Period I: Applied Research and Development (8 months, August 1, 2015 - March 31, 2016) - completed


Period II: Development (12 months, April 1, 2016 - March 31, 2017) - completed


Period III: Development and Technology Demonstration (16 months, April 1, 2017 - July 31, 2018)

Task 1: Refine client-server SAV testing technology and reports according to experiences and feedback, with continuing releases as necessary
1.1 Enhance reporting system to report properties of networks that have received spoofed packets
1.2 Share the reports privately with affected networks
1.3 Build traceroute-based software to identify networks forwarding spoofed packets
1.4 Support and develop our client-server testing technology based on continuing feedback from network operators, policy makers, and DHS
1.5 Incorporate new data into our reporting system
1.6 Produce focused reports for network operator groups
1.7 Explore additional measurement technologies and data sources suitable for adapting and integrating into a general-purpose network hygiene system (reputation blacklists, presence of possible DDoS amplification vectors: open resolvers, NTP servers, SNMP servers)

Task 2: Develop software client for deployment in resource-constrained open-source home routers
2.1 Build functionality into OpenWrt, a Linux-based open-source router firmware, to test SAV deployment of access-providing networks on a weekly basis
2.2 Optimize the client software for resource-constrained home-router environments by incorporating the most relevant features and utilizing libraries designed for embedded environments
2.3 Test software in the BISmark home router infrastructure to gain real-world experience before seeking broader deployment
2.4 Integrate a web-based SAV reporting engine into the existing web-based interface on OpenWrt routers

Milestones and Deliverables (Period III)

| # | Milestone | Deliverable | Date | Status |
|---|-----------|-------------|------|--------|
| 1 | Include information about clients receiving spoofed packets into the reporting system | Software: Updated reporting system | Aug 1, 2017 | done |
| 2 | Release software identifying a lack of ingress filtering by providers | Tool to measure ISP SAV deployment | Dec 1, 2017 | done |
| 3 | Report: status of spoofing remediation efforts | | Apr 1, 2018 | |
| 4 | Release OpenWrt client software to test SAV best practices of access providers | Software: Client for home routers | Apr 1, 2018 | |
| 5 | Release updated client-server SAV testing software | Software: final release | Jun 1, 2018 | |
| 6 | Final report including SAV compliance trends and areas to focus on | | Jul 31, 2018 | |

Acknowledgement of awarding agency's support

This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Homeland Security Advanced Research Projects Agency, Cyber Security Division (DHS S&T/HSARPA/CSD) BAA HSHQDC-14-R-B0005, and the Government of United Kingdom of Great Britain and Northern Ireland via contract number D15PC00188.

The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security, the U.S. Government, or the Government of United Kingdom of Great Britain and Northern Ireland.

