Identifying and protecting Ip spoofing attack
Abstract : Network intruders may spoof IP packets by modifying headers of the IP packets to fool people believe that the transmissions are originating from the trusted source. Consequently, various defence mechanisms have been developed to identify and prevent IP spoofing attack. However, the existing prevention mechanisms are implemented on either destination hosts or routers levels. At these levels facilitate utilization of shared resources on the networks during the attacking process even if there is a mechanism on those levels. To the best of our knowledge, there is no research work reported on how an IP spoofing attacker can be prevented from attacker’s LAN before utilizing shared network resources. Therefore, this paper proposes an algorithm for providing an attacker a warning due to his/her attacking activities. The study employed Mininet network emulator, POX controller, Layer 3 switches (L3S), packets analyzer, and packet constructor to design and develop a prototype of the algorithm in a Local Area Network (LAN) environment. Results show that the developed algorithm is capable of returning packets to an attacker as a warning mechanism in a LAN level. The warning packets utilize attacker’s network resources/keep the attackers network busy, hence stops IP spoofing attacks. Therefore the attacker is as well get affected by his/her attacking activities.
? We provide a brief review of the existing literature pertaining to the problem of IP spoofing and distributed denial of service attacks (DDoS) in the public Cloud.
? Unfortunately, two commonly observed limitations of the existing studies on DDoS and IP spoofing in the public Cloud. They are mostly theoretical works based on hypothetical assumptions.
? As such, these works provide no insight into the actual real-world feasibility of Cloud-based attacks that rely on IP spoofing, and their results are likely to have very limited practical value, at best.
? The work presented in this paper aims to overcome the above-identified limitations of the existing research literature.
? Any mechanisms to provide a warning to an attacker is also another problem that gives attackers a confidence to continue their attacking activities as there is no effect of any sort is imposed on them.
? This study realised reasons for IP spoofing attack continue to a problem on today’s communication networks, despite several defense mechanisms.
? It is used to determine the possible solution of the existing problem.
? This study suggested the possible solutions to the problem and chose the most efficient solution on source IP address validation and warning provision to an attacker.
• This work proposed StackPi-Write ahead with a new packet marking scheme based on Pi, and new filtering mechanisms.
• We propose a new approach, called StackPi (short for Stack Path Identifier), which is the first defense mechanism that satisfies all of the above desired properties.
• Proposed system develops the path identification IP filter, which an be used to detect IP spoofing attacks with a single attack packet.
• We subsequently proposed SIFF, a capabilitybased system that allows a receiver to enforce flow-based admission control.
• They leverage Path identification markings to filter out floods of request packets in their scheme routers attempt to provide fair sharing among capability request packets based on their Path identification markings.
? Due to high responsibility of the routers, adding an extra task to detect, prevent and locate IP spoofing attackers reduce performance (add overhead on the operation) of the routers.
? When the attacker is punished, most likely he/she will stop the attacking activities, hence improve network performance and prevent IP spoofing attacks.
? There are difference types of defense mechanisms used for IP spoofing packets identification, prevention and locating an attacker.
? Development is the third step in DSRM, which is used for designing and implementing an artifact for the suggested solution.
? Evaluation is the forth step used in DSRM to test the results of the developed artifact.
|