• DocumentCode
    393367
  • Title

    Detecting spoofed packets

  • Author

    Templeton, Steven J. ; Levitt, Karl E.

  • Author_Institution
    Dept. of Comput. Sci., California Univ., Davis, CA, USA
  • Volume
    1
  • fYear
    2003
  • fDate
    22-24 April 2003
  • Firstpage
    164
  • Abstract
    Packets sent using the IP protocol include the IP address of the sending host. The recipient directs replies to the sender using this source address. However, the correctness of this address is not verified by the protocol. The IP protocol specifies no method for validating the authenticity of the packet's source. This implies that an attacker can forge the source address to be any desired. This is almost exclusively done for malicious or at least inappropriate purposes. Given that attackers can exploit this weakness for many attacks, it would be beneficial to know if network traffic has spoofed source addresses. This knowledge can be particularly useful as an adjunct to reduce false positives from intrusion detection systems. This paper discusses attacks using spoofed packets and a wide variety of methods for detecting spoofed packets. These include both active and passive host-based methods as well as the more commonly discussed routing-based methods. Additionally, we present the results of experiments to verify the effectiveness of passive methods.
  • Keywords
    IP networks; security of data; telecommunication security; telecommunication traffic; transport protocols; IP address; IP protocol; active host-based methods; intrusion detection systems; network traffic; passive host-based methods; routing-based methods; spoofed packet detection; spoofed source addresses; Computer science; Ethernet networks; Intrusion detection; Probes; Protocols; Routing; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    DARPA Information Survivability Conference and Exposition, 2003. Proceedings
  • Print_ISBN
    0-7695-1897-4
  • Type

    conf

  • DOI
    10.1109/DISCEX.2003.1194882
  • Filename
    1194882