DMIPS - Defensive mechanism against IP spoofing

Abstract

The usage of internet has increased in all fields of the globe and its size is increasing at a high rate. The network providers are not able to afford enough resources like computation power and bandwidth which are needed to maintain their quality of service. This inability is exploited by the attackers in the form of Denial of Service attacks (DoS) and Distributed Denial of Service attacks (DDoS). The systems trying to mitigate DoS attacks should focus on the technique called IP spoofing. IP Spoofing refers to the creation of IP packets with forged source address. IP spoofing aids the DoS attackers in maintaining their anonymity. IP spoofing is beneficial when the systems use source address for authentication of the packets. Previously, an anti-spoofing method called HCF (Hop Count Filtering) was proposed which could effectively filter the spoofed packets. The HCF works on the basis that the attacker cannot falsify the Hop count (HC), the number of hops an IP packet takes to reach the destination. This HC value can be inferred from the TTL (Time To Live) field in the IP packet. However, the working of HCF has the following problems: 1) Multiple path possibility is ignored. 2) The method of building the HC tables must be more secure. 3) Lack of good renew procedure which can detect network changes. In this paper, we propose a 2 level filtering scheme called DMIPS, based on HCF. DMIPS is secure, resolves the multiple path problem and can filter the spoofed packets effectively. The present scheme can detect the changes in the network and can update the HC values. DMIPS improve the quality of service of the network by minimizing the number of false positives. The network under discussion is of the type server and clients and the server is the point of attack. © 2011 Springer-Verlag.