We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:


References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Networking and Internet Architecture

Title: Don't Forget to Lock the Front Door! Inferring the Deployment of Source Address Validation of Inbound Traffic

Abstract: This paper concerns the problem of the absence of ingress filtering at the network edge, one of the main causes of important network security issues. Numerous network operators do not deploy the best current practice - Source Address Validation (SAV) that aims at mitigating these issues. We perform the first Internet-wide active measurement study to enumerate networks not filtering incoming packets by their source address. The measurement method consists of identifying closed and open DNS resolvers handling requests coming from the outside of the network with the source address from the range assigned inside the network under the test. The proposed method provides the most complete picture of the inbound SAV deployment state at network providers. We reveal that 32 673 Autonomous Systems (ASes) and 197 641 Border Gateway Protocol (BGP) prefixes are vulnerable to spoofing of inbound traffic. Finally, using the data from the Spoofer project and performing an open resolver scan, we compare the filtering policies in both directions.
Subjects: Networking and Internet Architecture (cs.NI)
Journal reference: Proceedings of the Passive and Active Network Measurement Conference, 2020
DOI: 10.1007/978-3-030-44081-7_7
Cite as: arXiv:2002.00441 [cs.NI]
  (or arXiv:2002.00441v1 [cs.NI] for this version)

Submission history

From: Yevheniya Nosyk [view email]
[v1] Sun, 2 Feb 2020 18:04:26 GMT (2696kb)

Link back to: arXiv, form interface, contact.