What are the basic issues that “anti-spoofing technologies” are trying to prevent? What are the problems caused by the spoofing of IP addresses? We recommend you start with these resources:
- BCP 38 – “Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing”
- BCP 84 – “Ingress Filtering for Multihomed Networks”
- ICANN SSAC 004 – “Securing the Edge”
- RIPE Anti-Spoofing Task Force HOW-TO
- BGP Security Best Practices, FCC CSRIC III WG4 Final Report
- Andrei Robachevsky: Can we stop IP-spoofing in the Internet?
Andrei discusses a panel that took place at RIPE 66 in May 2013 where a number of routing security experts explored the questions around anti-spoofing. Andrei writes about the challenges that were identified and suggests a path forward for how we may collectively address the issues.
- David Freedman: Why I’m Practicing Anti-Spoofing
David talks about what motivates him to implement anti-spoofing measures and why it is important that more in the industry show zero-tolerance to IP address spoofing. He describes what’s in his network operator’s toolkit and how he applies these tools. He also touches on what holds some of his peers back from implementing anti-spoofing. “Reflection attacks today are effective mainly because service providers are ignoring (or otherwise not employing) filtering recommendations; this acts, I feel, to the detriment of us all.”
- Benno Overeinder: Measuring Spoofed Traffic
How much of DDoS traffic is generated by spoofed reflection attacks? What is the frequency and the impact of such attacks? And where are the origins of such traffic? Benno looks through several security reports and analyzes statistics presented there. “Considering the trend in attacks and their impact, aggravated by the low cost to mount an attack and their untraceability, it is high time for a wider community action. Every effort can help.”
- Robert Beverly: Initial Longitudinal Analysis of IP Source Spoofing Capability on the Internet
Robert is behind the Spoofer project, started in 2005, which measures the Internet’s susceptibility to spoofed source address IP packets. He looks at statistics collected by the project and analyzes the trends. He also describes the measurements and future plans “to promote network hygiene and continue to usefully inform not only technical anti-source spoofing efforts, but also debate and policy surrounding IP spoofing.”
Have suggestions for other questions you’d like to see us answer here? Please let us know!