Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis > publications : papers : 2009 : imc_spoofer
Understanding the Efficacy of Deployed Internet Source Address Validation Filtering
R. Beverly, A. Berger, Y. Hyun, and k. claffy, "Understanding the Efficacy of Deployed Internet Source Address Validation Filtering", in ACM Internet Measurement Conference (IMC), Nov 2009.
|   View full paper:    PDF    Data Supplement    |  Citation:    BibTeX    Resource Catalog   |

Understanding the Efficacy of Deployed Internet Source Address Validation Filtering

Robert Beverly2
Arthur Berger2
Young Hyun1
kc claffy1

CAIDA, San Diego Supercomputer Center, University of California San Diego


Massachusetts Institute of Technology's Computer Science & Artificial Intelligence Laboratory (MIT/CSAIL)

IP source address forgery, or "spoofing," is a long-recognized consequence of the Internet's lack of packet-level authenticity. Despite historical precedent and filtering and tracing efforts, attackers continue to utilize spoofing for anonymity, indirection, and amplification. Using a distributed infrastructure and approximately 12,000 active measurement clients, we collect data on the prevalence and efficacy of current best practice source address validation techniques. Of clients able to test their provider's source-address filtering rules, we find 31% able to successfully spoof an arbitrary, routable source address, while 77% of clients otherwise unable to spoof can forge an address within their own /24 subnetwork. We uncover significant differences in filtering depending upon network geographic region, type, and size. Our new tracefilter tool for filter location inference finds 80% of filters implemented a single IP hop from sources, with over 95% of blocked packets observably filtered within the source's autonomous system. Finally, we provide initial longitudinal results on the evolution of spoofing revealing no mitigation improvement over four years of measurement. Our analysis provides an empirical basis for evaluating incentive and coordination issues surrounding existing and future Internet packet authentication strategies.

Keywords: measurement methodology, policy, routing, security, topology, trends
  Last Modified: Tue Nov-17-2020 04:47:07 UTC
  Page URL: