DNS-Based Defense against IP Spoofing Attacks
Many attacks on the Internet spoof their source IP addresses. Numerous techniques have been researched and developed to cope with this, but they are not yet sufficient. This paper proposes a Domain Name System (DNS)-based technique for handling the issue. To reach an application server, the target of the attack, an attacker needs the server's IP address. To obtain that address, the attacker queries the DNS full-service resolver to resolve the server’s fully qualified domain name. In the proposed scheme, the attacker cannot spoof its own address while it is inquiring about the server's address. The proposed scheme informs the application server-side gateway of the client’s address, so that the gateway can ignore access from any address other than the informed one.
Keywords: spoofing address DNS log SFP TCP fallback
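The gateway filtering described in the abstract, as an added example that is not from the paper: a simulated resolver reports each querying client to the gateway, which then ignores any source it was not told about. The class names, the `inform` message, and the 30-second entry lifetime are assumptions made for illustration, and the resolver is assumed to already hold the client's genuine address; all addresses are constructed documentation addresses.

```python
import ipaddress

class Gateway:
    """Server-side gateway: admits only sources the resolver has announced."""
    def __init__(self):
        self._allowed = {}  # source address -> expiry time in seconds

    def inform(self, client_ip, now, lifetime):
        # Message from the resolver: this client just resolved the server's name.
        self._allowed[ipaddress.ip_address(client_ip)] = now + lifetime

    def admit(self, src_ip, now):
        src = ipaddress.ip_address(src_ip)
        expiry = self._allowed.get(src)
        if expiry is None:
            return False            # source never resolved the name: ignore
        if now >= expiry:
            del self._allowed[src]  # stale entry (assumed lifetime): resolve again
            return False
        return True

class Resolver:
    """Full-service resolver that reports each querying client to the gateway."""
    def __init__(self, zone, gateway, lifetime=30):  # lifetime is an assumption
        self.zone, self.gateway, self.lifetime = zone, gateway, lifetime

    def resolve(self, client_ip, fqdn, now):
        answer = self.zone.get(fqdn.rstrip(".").lower())
        if answer is not None:
            self.gateway.inform(client_ip, now, self.lifetime)
        return answer

def run_demo():
    gw = Gateway()
    resolver = Resolver({"app.example.com": "203.0.113.10"}, gw)
    results = []
    # A client at 198.51.100.7 resolves the name at t=0, then connects at t=5.
    resolver.resolve("198.51.100.7", "app.example.com.", now=0)
    results.append(("198.51.100.7", 5, gw.admit("198.51.100.7", now=5)))
    # A packet whose source address the gateway was never told about.
    results.append(("192.0.2.99", 5, gw.admit("192.0.2.99", now=5)))
    # The same client after its entry has expired.
    results.append(("198.51.100.7", 40, gw.admit("198.51.100.7", now=40)))
    return results

if __name__ == "__main__":
    for src, t, ok in run_demo():
        print(f"t={t:>2}s src={src:<13} -> {'forward' if ok else 'ignore'}")
```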