-6

IP spoofing is becoming a major concern these days. I was wondering whether we could use pattern matching, like comparing the hop count of the incoming packets or the TTL (Time To Live) field of the IP datagram, to reduce IP spoofing. Is there any way to do this?

  • 2
    You keep asking very much the same question over and over again. At some point, you need to take initiative and do your own research for your paper. That is what academics is all about. – EEAA Jun 11 '14 at 22:34
  • @EEAA I had not even noticed it was the same user asking all three questions. – kasperd Jun 11 '14 at 22:38
  • @EEAA, I had asked the three questions with different intentions, with different doubts in mind. But you all are more experienced than me, so if you feel that it was the same question over and over again, thanks for mentioning that. I'll keep that in mind in future while asking questions. – user1369975 Jun 13 '14 at 13:39
  • @user1369975 - My main concern was not so much the duplicate questions as it was the fact that you're coming here to ask us to do your homework/research for you. That's not what Serverfault is for. – EEAA Jun 13 '14 at 13:42
  • @EEAA, I'll keep this in mind further while asking questions – user1369975 Jun 13 '14 at 13:46

1 Answer

1

Don't try to tell apart IP spoofing from packets you are receiving. You'll be playing a losing game. Instead focus on the next layer up the protocol stack, where it is possible to do something.

There are four things higher layer protocols have to do in order to be resilient to spoofing.

  • If spoofing prevention is important, then send an unpredictable value to the client, which the client has to send back to prove their IP address.
  • For any packets received from IP addresses that have not yet been proven correct, never send a higher number of packets in return than the number of packets you received. Ideally never send a higher number of bytes in return, or at least only a tiny percentage more.
  • Never spend a large amount of CPU time (or other resources) processing packets from an unproven IP.
  • Never store state about packets from an unproven IP.

TCP does all of the above (though the last point is only achieved through SYN cookies). This makes TCP very resilient to IP spoofing.

If you are running protocols over UDP, the responsibility to provide resilience against spoofing is on the application layer. The same four principles apply in protocol design.

kasperd
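The four principles from the answer above, applied to a UDP service as a stateless address-validation cookie. This is an added example, not part of the answer; the one-byte message types (`H`, `C`, `R`, `A`), the function names, the 30-second validity window and `expensive_work` are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)   # server-side key (assumption: rotated periodically)
BUCKET_SECONDS = 30       # a cookie is accepted for the current and previous bucket
COOKIE_LEN = 16

def make_cookie(ip, port, bucket, secret=SECRET):
    """Unpredictable value bound to the claimed source address (principle 1).
    It is recomputed on demand, so nothing is stored per client (principle 4)."""
    msg = f"{ip}|{port}|{bucket}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

def cookie_valid(cookie, ip, port, now, secret=SECRET):
    bucket = int(now) // BUCKET_SECONDS
    return any(hmac.compare_digest(cookie, make_cookie(ip, port, b, secret))
               for b in (bucket, bucket - 1))

def expensive_work(payload):
    # Stand-in for the real, costly request handling.
    return payload.upper()

def handle_datagram(data, addr, now=None, secret=SECRET):
    """Return the single reply datagram for one received datagram, or None to drop."""
    now = time.time() if now is None else now
    ip, port = addr
    kind, body = data[:1], data[1:]
    if kind == b"H":
        # Unproven address: the hello must be padded to at least the size of
        # the reply, so the server never sends more bytes than it received
        # (principle 2). The only cost is one HMAC (principle 3).
        if len(data) < 1 + COOKIE_LEN:
            return None
        return b"C" + make_cookie(ip, port, int(now) // BUCKET_SECONDS, secret)
    if kind == b"R":
        cookie, payload = body[:COOKIE_LEN], body[COOKIE_LEN:]
        # A spoofer never sees the "C" reply, so it cannot echo a valid cookie.
        if not cookie_valid(cookie, ip, port, now, secret):
            return None
        return b"A" + expensive_work(payload)   # address proven: do the real work
    return None
```

A client that really owns its source address sends a padded `H`, receives `C` plus the cookie, and repeats its request as `R` plus the cookie plus the payload.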