Professional Documents
Culture Documents
Constructing Inter-Domain Packet Filters To Control IP Spoofing Based On BGP Updates
Constructing Inter-Domain Packet Filters To Control IP Spoofing Based On BGP Updates
Jaideep Chandrashekar
Department of Computer Science
University of Minnesota
• IP spoofing:
B
A X Y C
A X Y C
D
– One can fake the identity, but not the route.
– A router can decide whether it is in the path from the
source to the destination and drop packets that are not
supposed to be there.
– Route based packet filter cannot completely eliminate
IP spoofing, however, it can significantly reduce it.
• Route based packet filtering requirement:
– The router must know the route between any
pair of source and destination addresses.
• Global topology information
• Not available in BGP.
• Import rules:
• Inferring the feasible paths: