DocumentCode :
393367
Title :
Detecting spoofed packets
Author :
Templeton, Steven J. ; Levitt, Karl E.
Author_Institution :
Dept. of Comput. Sci., California Univ., Davis, CA, USA
Volume :
1
fYear :
2003
fDate :
22-24 April 2003
Firstpage :
164
Abstract :
Packets sent using the IP protocol include the IP address of the sending host. The recipient directs replies to the sender using this source address. However, the correctness of this address is not verified by the protocol. The IP protocol specifies no method for validating the authenticity of the packet's source. This implies that an attacker can forge the source address to be any desired address. This is almost exclusively done for malicious or at least inappropriate purposes. Given that attackers can exploit this weakness for many attacks, it would be beneficial to know if network traffic has spoofed source addresses. This knowledge can be particularly useful as an adjunct to reduce false positives from intrusion detection systems. This paper discusses attacks using spoofed packets and a wide variety of methods for detecting spoofed packets. These include both active and passive host-based methods as well as the more commonly discussed routing-based methods. Additionally, we present the results of experiments to verify the effectiveness of passive methods.
Keywords :
IP networks; security of data; telecommunication security; telecommunication traffic; transport protocols; IP address; IP protocol; active host-based methods; intrusion detection systems; network traffic; passive host-based methods; routing-based methods; spoofed packet detection; spoofed source addresses; Computer science; Ethernet networks; Intrusion detection; Probes; Protocols; Routing; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
Type :
conf
DOI :
10.1109/DISCEX.2003.1194882
Filename :
1194882