Title :
Validating packet origin using external route information
Author :
Saito, Meidai ; Ishibashi, Keisuke
Author_Institution :
Police Info-Commun. Res. Center, Nat. Police Acad., Tokyo, Japan
Abstract :
URPF is a widely used technology for filtering source IP spoofed packets by using route information. With uRPF filtering, a router automatically updates filtering rules based on its route information and does not require manual changes by operators. However, uRPF, specifically when it is in strict mode, has a drawback in that it may incorrectly detect packets as spoofed when a route is asymmetric, i.e., the routes from and to the sender are different from each other. This is due to uRPF using the internal (receiving router´s own) route information. In this paper, we present a method for filtering using external route information. Here, external means that the route information of sender routers is included. Generally, however, the route information of sender routers is not available. Thus, we use publicly available route information, which is provided by research projects, and infer the route information of sender routers.
Keywords :
IP networks; filtering theory; telecommunication network routing; telecommunication security; cyber attacks; distributed denial of service; external route information; packet origin validation; source IP spoofed packets; uRPF filtering; Communication system traffic control; Computer crime; Electronic mail; Information filtering; Information filters; Laboratories; Network servers; Reflection; Routing; Web and internet services; IP Spoofing uRPF Filtering BGP;
Conference_Titel :
Information and Telecommunication Technologies (APSITT), 2010 8th Asia-Pacific Symposium on
Conference_Location :
Kuching
Print_ISBN :
978-1-4244-6413-5
Electronic_ISBN :
978-4-88552-244-4
