Spoofer: Software Systems for Surveying Spoofing Susceptibility
Seeking to minimize the Internet's susceptibility to spoofed DDoS attacks, we will develop, build, and operate multiple open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices.
Principal Investigators: kc claffy, Matthew Luckie
Funding source: D15PC00188
Period of performance: August 3, 2015 - July 31, 2018.
Statement of Work
The proposed effort includes applied research, software development, new data analytics, systems integration, operations and maintenance, and an interactive analysis and reporting service. Tasks and deliverables for the entire project are separated into three periods:
- Period I: Applied Research and Development
- Period II: Development
- Period III: Development and Technology Demonstration
Period I: Applied Research and Development (8 months, August 1, 2015 - March 31, 2016) - completed
Period II: Development (12 months, April 1, 2016 - March 31, 2017) - completed
Period III: Development and Technology Demonstration (16 months, April 1, 2017 - July 31, 2018)
|Task 1: Refine client-server SAV testing technology and reports according to experiences and feedback, with continuing releases as necessary|
|1.1||Enhance reporting system to report properties of networks that have received spoofed packets|
|1.2||Share the reports privately with affected networks|
|1.3||Build traceroute-based software to identify networks forwarding spoofed packets|
|1.4||Support and develop our client-server testing technology based on continuing feedback from network operators, policy makers, and DHS|
|1.5||Incorporate new data into our reporting system|
|1.6||Produce focused reports for network operator groups|
|1.7||Explore additional measurement technologies and data sources suitable for adapting and integrating into a general-purpose network hygiene system (reputation blacklists, presence of possible DDoS amplification vectors: open resolvers, NTP servers, SNMP servers)|
|Task 2: Develop software client for deployment in resource-constrained open-source home routers|
|2.1||Build functionality to test SAV deployment of access providing networks on a weekly basis into OpenWrt, a Linux-based open-source router firmware|
|2.2||Optimize the client software for resource-constrained home-router environments by incorporating the most relevant features and utilizing libraries designed for embedded environments|
|2.3||Test software in the BISmark home router infrastructure to gain real-world experience before seeking broader deployment|
|2.4||Integrate a web-based SAV reporting engine into the existing web-based interface on OpenWrt routers|
Milestones and Deliverables (Period III)
|1||Include information about clients receiving spoofed packets into the reporting system||Software: Updated reporting system||Aug 1, 2017||done|
|2||Release software identifying a lack of ingress filtering by providers||Tool to measure ISP SAV deployment||Dec 1, 2017||done|
|3||Report: status of spoofing remediation efforts||Apr 1, 2018|
|4||Release OpenWrt client software to test SAV best practices of access providers||Software: Client for home routers||Apr 1, 2018|
|5||Release updated client-server SAV testing software||Software: final release||Jun 1, 2018|
|6||Final report including SAV compliance trends and areas to focus on||Jul 31, 2018|
Acknowledgment of awarding agency's support
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Homeland Security Advanced Research Projects Agency, Cyber Security Division (DHS S&T/HSARPA/CSD) BAA HSHQDC-14-R-B0005, and the Government of United Kingdom of Great Britain and Northern Ireland via contract number D15PC00188.
The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security, the U.S. Government, or the Government of United Kingdom of Great Britain and Northern Ireland.
The proposal “Software Systems for Surveying Spoofing Susceptibility”