Volume 5 Number 6 (Nov. 2016)
Home > Archive > 2016 > Volume 5 Number 6 (Nov. 2016) >
IJCCE 2016 Vol.5(6): 441-454 ISSN: 2010-3743
DOI: 10.17706/IJCCE.2016.5.6.441-454

Filtering Source-Spoofed IP Traffic Using Feasible Path Reverse Path Forwarding with SDN

Kevin Benton, L. Jean Camp, Tim Kelley, Martin Swany
Abstract—Source IP address spoofing is still a significant problem on today’s Internet. Recent DDoS attacks, which combined source IP spoofing and amplifying UDP services, have resulted in attack traffic volumes exceeding hundreds of gigabits per second. In this work we argue that the ingress packet filtering solutions proposed in BCP 38 more than 13 years ago have failed to solve the issue due to fundamental incentive misalignment. We present an SDN implementation of feasible path reverse path forwarding which tier 2 ISPs could implement using OpenFlow switches at peering points with no impact to the performance of their routers. We show how an SDN solution can handle error cases more gracefully than current reverse path forwarding implementations. We illustrate that this proposal is well-aligned with the economic incentives of the adopting parties and furthermore does not require ubiquitous adoption to create network-wide immunity. We describe our open code implementation on OpenFlow. Finally, we discuss the limitations of this filtering approach.

Index Terms—IP Spoofing, SDN, Distributed denial of service attacks, Internet routing.

The authors are with the School of Informatics and Computing, Indiana University, Bloomington, IN, USA.

Cite:Kevin Benton, L. Jean Camp, Tim Kelley, Martin Swany, "Filtering Source-Spoofed IP Traffic Using Feasible Path Reverse Path Forwarding with SDN," International Journal of Computer and Communication Engineering vol. 5, no. 6, pp. 441-454, 2016.

General Information

ISSN: 2010-3743
Frequency: Bimonthly
Editor-in-Chief: Dr. Maode Ma
Abstracting/ Indexing: EI (INSPEC, IET), Google Scholar, Crossref, Engineering & Technology Digital Library, ProQuest, and Electronic Journals Library
E-mail: ijcce@iap.org
  • Mar 31, 2016 News!

    IJCCE Vol. 4, No. 5 has been indexed by EI (Inspec) Inspec, created by the Institution of Engineering and Tech.!   [Click]

  • Nov 29, 2016 News!

    IJCCE Vol.6, No.1 is published with online version!   [Click]

  • Aug 31, 2016 News!

    IJCCE Vol.5, No.6 is published with online version!   [Click]

  • Jul 20, 2016 News!

    The dois of published papers in Vol. 5, No. 4 & No. 5 have been validated by Crossref.

  • Jul 20, 2016 News!

    IJCCE Vol.5, No.5 is published with online version!   [Click]

  • Read more>>