Controlling IP Spoofing Through Inter-Domain Packet Filters
The Distributed Denial of Services (DDoS) attack is a serious threat to the legitimate use of the Internet. Prevention mechanisms are thwarted by the ability of attackers to forge, or spoof, the source addresses in IP packets. By employing IP spoofing, attackers can evade detection and put a substantial burden on the destination network for policing attack packets. In this paper, the authors propose an Inter-Domain Packet Filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet. A key feature of their scheme is that it does not require global routing information.