Abstract

IP spoofing exacerbates many security threats. While many contemporary attacks do not exploit spoofing, a large number still do—thus eliminating or reducing spoofing would greatly enhance Internet security. Seven spoofing defenses have been proposed to date; three defenses are designed for end-network deployment, while four assume some collaboration with core routers for packet marking or filtering. Because each defense has been evaluated in a unique setting, the following important questions remain unanswered:(1) can end networks effectively protect themselves or is core support necessary,(2) which defense performs best assuming sparse deployment,(3) how to select core deployment points to achieve best protection at lowest cost. This paper answers the above questions by:(1) formalizing the problem of spoofed traffic filtering and defining novel effectiveness measures,(2) observing each defense as selfish (it helps its participants) or altruistic (it helps everyone) and specifying different performance goals for each type,(3) defining optimal core deployment points for defenses that need core support, and (4) evaluating all defenses in a common and realistic setting. Our results offer valuable insights into advantages and limitations of the proposed defenses, and uncover the relationship between any spoofing defense’s performance and the Internet topology features.

Date

March 14, 2026

Authors

Ezra Kissel, J Mirkovic

Journal

Proceedings of IEEE Transactions on Dependable and Secure Computing

Pages

218-232