Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis > projects : ark : aup : spoofer
Archipelago (Ark) Acceptable Use Policy (AUP) for the Spoofer Project
We are studying an empirical Internet question central to its security, stability, and sustainability: how many networks allow packets with spoofed (fake) IP addresses to leave their network destined for the global Internet? In collaboration with MIT, we have designed an Ark experiment that enables the most rigorous analysis of the prevalence of IP spoofing thus far, and we need your permission for a new type of Ark measurement to support this study.

Archipelago Acceptable Use Policy (AUP) for the Spoofer Project

It must be made clear that ARK Monitors will not spoof any IP packets, nor will they send any new probes for this experiment beyond normal traceroutes to participating clients. The role of Ark monitors in this study is to RECEIVE potentially spoofed traffic sent by users volunteering to participate in our study. Participating users download the spoofer client software from, and the tool sends spoofed UDP-based probes from the user's own machine to an Ark monitor. If the spoofed traffic reaches the Ark monitor, the monitor forwards it on to the analysis server at MIT.

In this experiment, incoming UDP traffic to Ark nodes will have destination port 53, so we can only use Ark monitors that allow traffic to port 53. So, any firewall between Ark and the Internet must:

  • allow FROM any address, at any port TO the ark monitor at your site at port 53

We rate-limit the total incoming measurement traffic from all clients to an average of 30kbps over any minute. THERE WILL BE NO NEW OUTGOING CONNECTIONS OR PROBES, and only CAIDA researchers will develop and deploy software on Ark nodes.

Rob Beverly began the Spoofer project in 2005 as a Phd student at MIT, using a single server at MIT to receive spoofed traffic. The Ark infrastructure allows us to increase the precision and accuracy of his IP spoofing survey to unprecedented levels, at a time when the question is resurfacing simultaneously in operational, policy, and law enforcement communities. The more Ark monitors we have participating, the more accurate our assessments of spoofing capabilities will be.

Please send a message to if you are interested in participating and whether you approve of the broader usage under Archipelago. Also, please let us know if you find certain specific usages to be unacceptable (for example, because of the AUP you yourself must work under) but are otherwise willing to participate. In most cases, we can work with you to define a narrower set of acceptable activities for your particular node.

For further information on the Spoofer Project, see:

  Last Modified: Tue Oct-13-2020 22:21:39 UTC
  Page URL: