[e2e] DDoS attack vs. Spoofing of Source Address
Robert Beverly
rbeverly at rbeverly.net
Mon Jan 23 13:04:55 PST 2006
On Wed, Jan 18, 2006 at 05:46:52PM +0000, Fergie wrote:
> It is difficult, if not impossible, to determine the extent to
> which BCP38 is deployed -- even though its deployment should be
> encouraged.
>
> [2] Rob Beverly is/was the catalyst behind the Spoofer Project to
> determine the extent to which this was deployed, either at the
> network ingress or at the host level:

We've collected nearly 1200 unique reports from around the Internet
and have an interesting, if not completely representative, dataset.
One particular new feature of the spoofer tester is the ability
to determine where along a tested path filtering is employed with
what we're calling a "reverse traceroute" mechanism [1]. Knowing
the "filtering depth" is of particular interest to us since there
is an operational tension between the specificity of router-level
filters and the ability to properly maintain them. We also test
fun stuff such as how far into the adjacent neighbor address space
the client can spoof, filtering inconsistencies, etc.

We'd appreciate any runs of the spoofer tester to help us gather
additional data. The client, more details of the reverse traceroute
as well as our "state of IP spoofing" summary results are all on the
web page:

http://spoofer.csail.mit.edu/

Thanks,

rob

[1] The idea for the reverse traceroute arose from a fruitful
discussion with John Curran.