Preventing IP Source Address Spoofing: A Two-Level, State Machine-Based Method

Date Added: Aug 2009
Format: PDF

A signature-and-verification-based method, Automatic Peer-to-Peer Anti-spoofing (APPA), is proposed to prevent IP source address spoofing. In this method, signatures are tagged into the packets at the source peer, and verified and removed at the verification peer where packets with incorrect signatures are filtered. A unique state machine, which is used to generate signatures, is associated with each ordered pair of APPA peers. As the state machine automatically transits, the signature changes accordingly. KISS random number generator is used as the signature generating algorithm, which makes the state machine very small and fast and requires very low management costs.