Inter Domain Packet Filters for IP Spoofing Attacks
The Distributed Denial-of-Service (DDoS) attack is a serious threat to the legitimate use of the Internet. Even Prevention mechanisms are attacked by the ability of attackers to forge or spoof the source addresses in IP packets. By employing IP spoofing, attackers can avoid detection and put a substantial burden on the destination network for policing attack packets. In this paper, the authors propose an Inter Domain Packet Filter (IDPF) architecture that can reduce the level of IP spoofing on the Internet. A key feature of the authors' scheme is that it does not require global routing information.