Constructing
Inter-Domain Packet Filters to Control
IP SPOOFING
Based on BGP Updates
Abstract
The Distributed Denial-of-Service (DDoS)
attack is a serious threat to the legitimate use of the Internet. Prevention
mechanisms are thwarted by the ability of attackers to forge or spoof the
source addresses in IP packets.
By
employing IP spoofing, attackers can evade detection and put a substantial
burden on the destination network for policing attack packets. In this paper,
we propose an inter-domain packet filter (IDPF) architecture that can mitigate
the level of IP spoofing on the Internet.
A key feature of our scheme is that it does
not require global routing information. IDPFs are constructed from the
information implicit in Border Gateway Protocol (BGP) route updates and are
deployed in network border routers.
We
establish the conditions under which the IDPF framework correctly works in that
it does not discard packets with valid source addresses.
Based
on extensive simulation studies, we show that, even with partial deployment on
the Internet, IDPFs can proactively limit the spoofing capability of attackers.
In addition, they can help localize the origin of an attack packet to a small
number of candidate networks.
Existing System:
Existing system uses Network Ingress Filtering. Ingress filtering primarily prevents a specific
network from being used for attacking others.
Proposed System:
In our project we propose and study IDPF
architecture as an effective countermeasure to the IP spoofing-based DDoS
attacks. IDPFs rely on BGP update messages exchanged on the Internet to infer
the validity of source address of a packet forwarded by a neighbor.
System Requirements
Hardware Requirements:
•
PROCESSOR : PENTIUM IV 2.6 GHz
•
RAM :512 MB DD RAM
•
MONITOR :15” COLOR
•
HARD DISK :20 GB
•
FLOPPY
DRIVE :1.44 MB
•
CDDRIVE :LG
52X
•
KEYBOARD :STANDARD 102 KEYS
Software Requirements:
•
FRONT
END : Java,
swing
•
OPERATING
SYSTEM :
Window’s XP
•
BACK
END :Ms SQL
No comments:
Post a Comment