Update: In May 2015, ownership of Spoofer transferred from MIT to CAIDA.
We are studying an empirical Internet question central to its security, stability, and sustainability: how many networks allow packets with spoofed (fake) IP addresses to leave their network destined for the global Internet? In collaboration with MIT, we have designed an experiment that enables the most rigorous analysis of the prevalence of IP spoofing thus far, and we need your help running a measurement to support this study.
This week Rob Beverly finally announced to NANOG an update to spoofer he’s been working on for a few months. Spoofer is one of the coolest Internet measurement tools we’ve seen in a long time — especially now that he is using Ark nodes as receivers (of spoofed and non-spoofed packets), giving him 20X more path coverage than he could get with a single receiver at MIT.
IP source spoofing is still a common attack vector. Rob’s ANA spoofer project first began quantifying the extent of source-address-based filtering in 2005, although with a limited set of tests and only a single destination receiving probes. In addition to adding several different tests that will improve the accuracy of inferences, spoofer now hooks into CAIDA’s Ark infrastructure, which provides 20-30 additional destinations for test probe measurements. Spoofer’s output is also presented in a snazzy visual form; Internet measurement doesn’t get much sexier than this! Help us measure the extent of source-based address filtering on the Internet: take a few minutes to download and run the tester. The more diverse the network locations you run spoofer from, the more accurate our results will be.