Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis > projects : spoofer

Seeking to minimize Internet's susceptibility to spoofed DDoS attacks, we are developing and supporting open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices. This project includes applied research, software development, new data analytics, systems integration, operations and maintenance, and an interactive analysis and reporting service.

We have developed and support a new client-server system for Windows, MacOS, and UNIX-like systems that periodically tests a network's ability to both send and receive packets with forged source IP addresses (spoofed packets). We are (in the process of) producing reports and visualizations that will inform operators, response teams, and policy analysts. The system measures different types of forged addresses, including private and neighboring addresses. The test results will allow us to analyze characteristics of networks deploying source address validation (e.g., network location, business type).

|   Spoofer Project Page    Download    FAQ   |
|   Data:    Stats Summary    Recent Tests    Results by AS    Results by Country   |


We generate a summary report on the current "state" of Internet IP source address spoofing/filtering using data from an active measurement tool. Thus far, we've collected data from thousands of clients, networks and providers. More details and published results from our research are also available.

Download Software Client

Please help! By downloading and running our software, you'll help advance the collective understanding of how to better protect the Internet. See screenshots of the tester in action, and a FAQ if you have questions. The following client packages are available. The sources should compile on any POSIX system. Please contact the mailing list with any issues or questions.

Spoofer-1.0.6-win32.exeWindows Binary Installer (signed)2751b5e23a1a946a24b3a0c81609bec6a35511c4
Spoofer-1.0.6-macosx.pkgMac OSX Binary Installer (signed)4998a550d1563b29ae1b2f8aa38a3c6532305c16
Spoofer-1.0.6-ubuntu-16.04 PPAUbuntu 16.04 Package (signed)apt-add-repository ppa:matthewluckie/spoofer
Spoofer-1.0.6-ubuntu-14.04.tar.gzUbuntu 14.04 Package (unsigned)d1413bbab8c9aab959bdd9548fb1c84fde76ad05
spoofer-1.0.6.tar.gzSource Codec36c1e9078f6a731db9a9e92f41f6bd5fc086923

Why does IP spoofing matter?

Our FAQ covers common questions about spoofing relevance. The IP spoofing vulnerability is the most fundamental vulnerability of the TCP/IP architecture, which has proven remarkably scalable, in part due to the design choice to leave responsibility for security to the end hosts. Thus, the TCP/IP Internet architecture includes no explicit notion of authenticity. New spoofing-based attacks regularly appear (most recently against the DNS infrastructure) despite decades of previous exploits and prevention/tracing attempts. Current spoofing prevention mechanisms suffer from incentive issues (employing filtering does not prevent a provider from receiving spoofed source packets), deployment difficulty and management complexity. Our research seeks to inform architectural design, and security and policy mechanisms for preventing future attacks.


The spoofer program attempts to send a series of spoofed UDP packets to servers distributed throughout the world. These packets are designed to test:

  • Different classes of spoofed IPv4 and IPv6 addresses, including private and routable
  • Ability to spoof neighboring, adjacent addresses (IPv4 only)
  • Where along the path filtering is observed (IPv4 only)
  • Presence of a NAT device along the path (IPv4 and IPv6)

Spoofer in the News


Development Team


We welcome questions and feedback to the Spoofer Information Mailing List and invite users to join the Spoofer Users Mailing List for discussion and announcements.

Funding support

Project supported by DHS Science and Technology; originally invented and hosted by MIT ANA.

  Last Modified: Tue Oct-18-2016 02:08:54 PDT
  Page URL: