At the RIPE66 meeting in mid-May 2013, Benno Overeinder from NLNetLabs and Andrei Robachevsky from the Internet Society organized a panel called “Seven Years of Anti-Spoofing: What Happened Since the RIPE Task Force and What Still Needs to be Done.” We were lucky to get six great panelists who engaged in an interesting discussion of this issue amongst themselves and with the audience. Andrei provided a good recap in his Internet Technology Matters blog post “Can we stop IP-spoofing in the Internet?”.
But, as it happens in such cases, the main outcome was this webcast and individual takeaways of the meeting attendees. We thought: can we do a better job for those who are interested in this issue and want to come back to it, either to understand it better, or to propose an improvement or a solution?
Several folks, some of whom participated in the panel, came together and published here their perspectives regarding IP-spoofing and anti-spoofing. In this section you will find several pieces:
- Robert Beverly: Initial Longitudinal Analysis of IP Source Spoofing Capability on the Internet
Robert is behind the Spoofer project, started in 2005, which measures the Internet’s susceptibility to spoofed source address IP packets. He looks at statistics collected by the project and analyzes the trends. He also describes the measurements and future plans “to promote network hygiene and continue to usefully inform not only technical anti-source spoofing efforts, but also debate and policy surrounding IP spoofing.”
- David Freedman: Why I’m Practicing Anti-Spoofing
David talks about what motivates him to implement anti-spoofing measures and why it is important that more in the industry show zero-tolerance to IP address spoofing. He describes what’s in his network operator’s toolkit and how he applies these tools. He also touches on what holds some of his peers back from implementing ant-spoofing. “Reflection attacks today are effective mainly because service providers are ignoring (or otherwise not employing) filtering recommendations; this acts, I feel, to the detriment of us all.”
- Benno Overeinder: Measuring Spoofed Traffic
How much of DDoS traffic is generated by spoofed reflection attacks? What is the frequency and the impact of such attacks? And where are the origins of such traffic. Benno looks through several security reports and analyzes statistics presented there. “Considering the trend in attacks and their impact, aggravated by the low cost to mount an attack and their untraceability, it is high time for a wider community action. Every effort can help.”
Do you want to share your views, data, or other useful information related to IP address spoofing? Do you have ideas regarding what else could be done to promote anti-spoofing? Please comment or send us an article by email.