DocumentCode
393367
Title
Detecting spoofed packets
Author
Templeton, Steven J. ; Levitt, Karl E.
Author_Institution
Dept. of Comput. Sci., California Univ., Davis, CA, USA
Volume
1
fYear
2003
fDate
22-24 April 2003
Firstpage
164
Abstract
Packets sent using the IP protocol include the IP address of the sending host. The recipient directs replies to the sender using this source address. However, the correctness of this address is not verified by the protocol. The IP protocol specifies no method for validating the authenticity of the packet's source. This implies that an attacker can forge the source address to be any desired. This is almost exclusively done for malicious or at least inappropriate purposes. Given that attackers can exploit this weakness for many attacks, it would be beneficial to know if network traffic has spoofed source addresses. This knowledge can be particularly useful as an adjunct to reduce false positives from intrusion detection systems. This paper discusses attacks using spoofed packets and a wide variety of methods for detecting spoofed packets. These include both active and passive host-based methods as well as the more commonly discussed routing-based methods. Additionally, we present the results of experiments to verify the effectiveness of passive methods.
Keywords
IP networks; security of data; telecommunication security; telecommunication traffic; transport protocols; IP address; IP protocol; active host-based methods; intrusion detection systems; network traffic; passive host-based methods; routing-based methods; spoofed packet detection; spoofed source addresses; Computer science; Ethernet networks; Intrusion detection; Probes; Protocols; Routing; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN
0-7695-1897-4
Type
conf
DOI
10.1109/DISCEX.2003.1194882
Filename
1194882