Evaluating Host-based Methods for Detecting Spoofed IP Packets
Peter Djalaliev ‘05
Billions of messages are transmitted across the Internet each day, and most of these use the Internet Protocol (IP) to route packets to specific destinations based upon an IP address. While these packets contain both source and destination addresses, the protocol provides no means to verify the authenticity of the source. Therefore, packets can be sent with intentionally altered source addresses, a practice known as spoofing, which in most cases is done for malicious purposes. IP spoofing is an integral part of various distributed denial-of-service attacks. Today, a number of methods of detecting spoofed IP packets have been studied in order to limit possible damage. These detection methods are classified as router-based and host-based, depending upon the site of implementation. Host-based detection methods are of particular interest because they can be implemented locally regardless of the Internet service provider. The current research on host-based methods provides a number of possible solutions. However, there is insufficient data related to their efficiency. We evaluate the performance of the well-known host-based spoofing detection methods under various circumstances and explore the ability of these methods to complement one another in order to improve their efficiency.