Abstract

Forcing all IP packets to carry correct source addresses can greatly help network security, attack tracing, and network problem debugging. However, due to asymmetries in today's Internet routing, routers do not have readily available information to verify the correctness of the source address for each incoming packet. In this paper we describe a new protocol, named SAVE, that can provide routers with the information needed for source address validation. SAVE messages propagate valid source address information from the source location to all destinations, allowing each router along the way to build an incoming table that associates each incoming interface of the router with a set of valid source address blocks. This paper presents the protocol design and evaluates its correctness and performance by simulation experiments. The paper also discusses the issues of protocol security, the effectiveness of partial SAVE …

Date

June 23, 2002

Authors

Jun Li, Jelena Mirkovic, Mengqiu Wang, Peter Reiher, Lixia Zhang

Conference

Proceedings. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies

Volume

3

Pages

1557-1566

Publisher

IEEE