Academic
Publications
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing

Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing,D. Senie

Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing   (Citations: 447)
BibTex | RIS | RefWorks Download
Recent occurrences of various Denial of Service (DoS) attacks which have employed forged source addresses have proven to be a troublesome issue for Internet Service Providers and the Internet community overall. This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point.
Published in 2000.
Cumulative Annual
    • ...From packet losses, the authors infer the existence of ingress filtering [2] in the volunteer’s networks, which drops outgoing traffic carrying addresses not assigned to the deploying network...
    • ...ING [2] associates all addresses in the deploying network with the outgoing direction of packets, and the rest of the addresses with the incoming direction...
    • ...Since we reproduce Internet topology at the AS-level, we mimic router-level hop counts by associating a random hop count chosen from [1], [2], [3], [4] inclusively, with each AS-AS link...

    Jelena Mirkovicet al. Comparative Evaluation of Spoofing Defenses

    • ...<{[SECTION]}>research efforts, such as Ingress Filtering [2] , DPF [3] , SAVE [4] ,...

    Pengxu Tanet al. A hierarchical source address validation technique based on cryptograp...

    • ...Another avenue of defense is filtering based schemes [1], [13], [14], [15], [16], [17], [18]...
    • ...Consequently, several proposals ([13], [14], [18]) were raised to tackle source address spoofing...

    Quan Jiaet al. CapMan: Capability-Based Defense against MultiPath Denial of Service (...

    • ...Some of the existing mechanisms such as ingress filtering [8], rate limiting, traceback [9] tools or scrubbers 1 are commonly used in practice...

    Paul Giuraet al. The Security Cost of Content Distribution Network Architectures

    • ...The simplest approach is to prevent spoofed packets from traversing the network using filtering techniques [10]...
    • ...Nevertheless, by the curve with 0.05% of attacking-ASes, we realize that the probabilistic system does not scale so well, because the range of attackers changed from [2,10] to [10,50], which already implies a high number of false positives...
    • ...Nevertheless, by the curve with 0.05% of attacking-ASes, we realize that the probabilistic system does not scale so well, because the range of attackers changed from [2,10] to [10,50], which already implies a high number of false positives...

    Marcelo D. D. Moreiraet al. A Stateless Traceback Technique for Identifying the Origin of Attacks ...

Sort by: