
Importance of IDPF to Avoid DDoS Attacks


Affiliations
1 Sri Indu College of Engineering & Technology, JNTU Hyderabad, India
2 JNTU Hyderabad, India
3 CSE Dept. at Sri Indu College of Engineering & Technology, India
     



The Distributed Denial-of-Service (DDoS) attack is a serious threat to the legitimate use of the Internet. Prevention mechanisms are thwarted by the ability of attackers to forge or spoof the source addresses in IP packets. By employing IP spoofing, attackers can evade detection and put a substantial burden on the destination network for policing attack packets. In this paper, we propose an interdomain packet filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet. A key feature of our scheme is that it does not require global routing information. IDPFs are constructed from the information implicit in Border Gateway Protocol (BGP) route updates and are deployed in network border routers. We establish the conditions under which the IDPF framework works correctly, in that it does not discard packets with valid source addresses. Based on extensive simulation studies, we show that, even with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of an attack packet to a small number of candidate networks.

Keywords

IP Spoofing, DDoS, BGP, Network-Level Security and Protection, Routing Protocols.

Authors

Srikar
Sri Indu College of Engineering & Technology, JNTU Hyderabad, India
K. Hanumantha Rao
JNTU Hyderabad, India
K. Venkatesh Sharma
CSE Dept. at Sri Indu College of Engineering & Technology, India
