Raphael Hiesgen: Fight Spoofing with Spoofing

  • When Jul 03, 2019 from 03:00 PM to 04:00 PM (CET / UTC200)
  • Where R 4.60

Spoofed traffic is a major problem throughout the Internet. It serves as a building block for many attacks and also interferes with passive measurements. Internet telescopes are one source of passive measurements: they collect Internet background radiation (IBR) and help with the analysis of phenomena such as outages or census. Information gained from this source depends on the reliability of the collected data. The validity of the source address is often important for geolocation.

We are working on a new approach for identifying genuine packets in collected IBR, with the goal of extracting a subset of reliable data. Our system probes IBR sources in real time to perform a pseudo source address validation test based on IP IDs for ICMP, or a handshake continuity test for TCP. An evaluation in a local testbed shows that the methodology works well in theory. A mechanism for the validation of UDP packets is more complicated because UDP lacks state and is deployed in a large variety of service protocols.

This talk presents the work started during an internship at CAIDA (University of California, San Diego), updated with ongoing work that focuses on the integration of UDP into our system.