spoofer: measure your network’s hygiene!

April 5th, 2009 by kc

We are studying an empirical Internet question central to its security, stability, and sustainability: how many networks allow packets with spoofed (fake) IP addresses to leave their network destined for the global Internet? In collaboration with MIT, we have designed an experiment that enables the most rigorous analysis of the prevalence of IP spoofing thus far, and we need your help running a measurement to support this study.

This week Rob Beverly finally announced to nanog an update to spoofer he’s been working on for a few months. Spoofer is one of the coolest Internet measurement tool we’ve seen in a long time — especially now that he is using Ark nodes as receivers (of spoofed and non-spoofed packets), giving him 20X more path coverage than he could get with a single receiver at MIT.

IP source spoofing is still a common attack vector. Rob’s ANA spoofer project first began quantifying the extent of source-address-based filtering in 2005, although with a limited set of tests and only a single destination receiving probes. In addition to adding several different tests that will improve the accuracy of inferences, spoofer now hooks into CAIDA’s Ark infrastructure, which provides 20-30 additional destinations for test probe measurements. Spoofer’s output is also presented in a snazzy visual form; Internet measurement doesn’t get much sexier than this! Help us measure the extent of source-based address filtering on the Internet — take a few minutes to download and run the tester — the more diverse network locations you run spoofer from, the more accurate our results will be.

Related links: Spoofer FAQ; Ark project page.

[Ark project funded by DHS S&T's Cybersecurity Program N66001-08-C-2029 and NSF CISE's Computing Research Infrastructure award CRI-0551542.]

5 Responses to “spoofer: measure your network’s hygiene!”

  1. Mikael Says:

    I have to honestly say, that I don’t really understand what you’re writing but I do appreciate when people are trying to make the internet a safer place for all of us. So thanks.

    /Mikael

  2. Michael Kain Says:

    With all the recent DDOS and other types of attacks and security breaches by “Anonymous”, this issue seems more relevant than ever. Especially in regards to some of the hackers which had used tactics similar to this to conceal their identity when attacking HB Gary, among others.

    Michael,
    Registry Resource

  3. Elise Says:

    I would have to agree with Mikael – I’m not quite sure of the magnitude of the threat that spoofing poses, but it’s good that people in the know such as yourselves are collaborating with the experts at MIT for the safety of Internet users who have no idea what poses a threat and what does not.

    Thanks,

    Elise

  4. Joyce Novicio Says:

    I can’t wait to download this and try it out. I’ve been looking for something like this for a couple of years now. I want to incorporate it into a lot of my affiliate activity.

    Really impressive work from Rob Beverly and MIT. This is such a great way to add more security and safety especially in this crazy internet world! Thank you and keep it up guys!!! Much appreciated.

    Joyce Novicio
    Webmaster, doorcanopy.org

  5. Mateo Says:

    I think you folks together with MIT in finding security protocols for the internet is great. With so much data involved it seems these tests filters IP addresses which assist hackers in obtaining information. Well, I have to say is great job.

Leave a Reply