Abstract

IP spoofing exacerbates many security threats. If spoofing were eliminated or sufficiently reduced, defenses against DDoS, distributed scanning and intrusions would be much simplified and more effective. Of particular interest are spoofing defenses that will be both practical (cheap to deploy and operate) and effective (provide significant benefit in sparse deployment. This project develops two such defense mechanisms:(1) Clouseau, which enables routers on asymmetric paths to accurately infer associations between the route descriptor and the source address. It will support multiple associations (in case of multipath routing) and will promptly update associations when routes change. Clouseau will be integrated with two very effective spoofing defenses: route-based filtering and hop-count filtering, and will protect deploying networks from spoofed traffic.(2) RAD, which helps networks protect themselves from …

Date

January 1, 1970

Authors

Jelena Mirkovic

Journal

NSF Award Number 0823121. Directorate for Computer and Information Science and Engineering

Volume

8

Issue

823121

Pages

23121