International Conference on Advanced Computing, Communication and Networks - CCN 2011
Author(s) : P.V.RAVI KANTH, A. RAVI, M.SRINIVASA ROA
The Distributed Denial-of-Service (DDoS) attack is a serious threat to the legitimate use of the Internet. Even Prevention mechanisms are attacked by the ability of attackers to forge or spoof the source addresses in IP packets. By employing IP spoofing, attackers can avoid detection and put a substantial burden on the destination network for policing attack packets. In this paper, we propose an Inter Domain Packet Filter (IDPF) architecture that can reduce the level of IP spoofing on the Internet. A key feature of our scheme is that it does not require global routing information. IDPF’s are constructed from the information implicit in Border Gateway Protocol (BGP) route updates and are deployed in network border routers and IDPF’s does not discard packets with valid source addresses. Here we show that, even with partial deployment on the Internet, IDPF’s can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of an attack packet to a small number of candidate networks.