Definitions
Source address validation (SAV) is a standard formalized in RFC 2827 aimed at discarding packets with spoofed source IP addresses. The absence of SAV has been known as a root cause of reflection distributed denial-of-service (DDoS) attacks.
Outbound SAV (oSAV): filtering applied at the network edge to traffic coming from inside the customer network to the outside.
Inbound SAV (iSAV): filtering applied at the network edge to traffic coming from the outside to the customer network.
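The two filtering directions defined above, as an added sketch that is not part of the original entry. It assumes the edge router knows the customer's prefixes; the prefixes are constructed from documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: documentation ranges standing in for the customer's prefixes.
CUSTOMER_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]


def in_customer_space(src):
    """True if the source address falls inside any customer prefix."""
    ip = ipaddress.ip_address(src)
    return any(ip.version == net.version and ip in net
               for net in CUSTOMER_PREFIXES)


def sav_verdict(direction, src):
    """Edge decision for one packet: 'forward' or 'drop'.

    direction is 'outbound' (inside -> outside, oSAV applies)
    or 'inbound' (outside -> inside, iSAV applies).
    """
    inside = in_customer_space(src)
    if direction == "outbound":
        # oSAV: a packet leaving the customer network must carry a
        # source address that belongs to the customer network.
        return "forward" if inside else "drop"
    if direction == "inbound":
        # iSAV: a packet arriving from outside cannot legitimately
        # claim a source address from inside the customer network.
        return "drop" if inside else "forward"
    raise ValueError("direction must be 'outbound' or 'inbound'")


if __name__ == "__main__":
    # Constructed packets: (direction, claimed source address).
    samples = [
        ("outbound", "192.0.2.10"),     # genuine customer source
        ("outbound", "203.0.113.5"),    # spoofed: not a customer address
        ("inbound", "192.0.2.10"),      # spoofed: outside claims inside source
        ("inbound", "2001:db8:10::1"),  # same case over IPv6
        ("inbound", "198.51.100.7"),    # external source: this edge cannot verify it
    ]
    for direction, src in samples:
        print(f"{direction:8} {src:16} -> {sav_verdict(direction, src)}")
```

The last sample shows the limit of filtering at this edge: an inbound packet with a spoofed third-party source passes, because only the originating network's oSAV can tell that the address is false.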
Background
The Internet relies on IP packets to enable communication between hosts with the destination and source addresses specified in packet headers. However, there is no packet-level authentication mechanism to ensure that the source address has not been altered (Beverly et al., 2009). The modification of a source IP address is referred to as “IP spoofing.” It results in the anonymity of the sender and prevents a packet from being traced to its origin. This vulnerability has been leveraged to...
References
Baker F, Savola P (2004) Ingress filtering for multihomed networks. RFC 3704. https://rfc-editor.org/rfc/rfc3704.txt
Beverly R, Bauer S (2005) The spoofer project: inferring the extent of source address filtering on the internet. In: USENIX Steps to Reducing Unwanted Traffic on the Internet Workshop
Beverly R, Berger A, Hyun Y, claffy k (2009) Understanding the efficacy of deployed internet source address validation filtering. In: Internet Measurement Conference, ACM
Deccio C, Hilton A, Briggs M, Avery T, Richardson R (2020) Behind closed doors: A network tale of spoofing, intrusion, and false DNS security. In: Internet Measurement Conference, ACM
Kaminsky D (2008) It’s the end of the cache as we know it. https://www.slideshare.net/dakami/dmk-bo2-k8
Korczyński M, Król M, van Eeten M (2016) Zone poisoning: the how and where of non-secure DNS dynamic updates. In: Internet Measurement Conference, ACM
Korczyński M, Nosyk Y, Lone Q, Skwarek M, Jonglez B, Duda A (2020a) Don’t forget to lock the front door! Inferring the deployment of source address validation of inbound traffic. In: Passive and active measurement. Springer International Publishing, Cham
Korczyński M, Nosyk Y, Lone Q, Skwarek M, Jonglez B, Duda A (2020b) Inferring the deployment of inbound source address validation using DNS resolvers. In: Proceedings of the Applied Networking Research Workshop, ANRW’20. ACM, pp 9–11
Korczyński M, Nosyk Y, Lone Q, Skwarek M, Jonglez B, Duda A (2020c) The closed resolver project: measuring the deployment of source address validation of inbound traffic. In: CORR. https://arxiv.org/abs/2006.05277
Kottler S (2018) February 28th DDoS incident report. https://github.blog/2018-03-01-ddos-incident-report/
Kührer M, Hupperich T, Rossow C, Holz T (2014) Exit from hell? Reducing the impact of amplification DDoS attacks. In: USENIX Conference on Security Symposium
Lichtblau F, Streibelt F, Krüger T, Richter P, Feldmann A (2017) Detection, classification, and analysis of inter-domain traffic with spoofed source IP addresses. In: Internet Measurement Conference, ACM
Lone Q, Luckie M, Korczyński M, van Eeten M (2017) Using loops observed in traceroute to infer the ability to spoof. In: Passive and Active Measurement Conference. Springer International Publishing, Cham
Lone Q, Luckie M, Korczyński M, Asghari H, Javed M, van Eeten M (2018) Using crowdsourcing marketplaces for network measurements: the case of spoofer. In: Traffic Monitoring and Analysis Conference
Lone Q, Korczyński M, Gañán C, van Eeten M (2020) SAVing the internet: explaining the adoption of source address validation by internet service providers. In: Workshop on the Economics of Information Security
Luckie M, Beverly R, Koga R, Keys K, Kroll J, claffy k (2019) Network hygiene, incentives, and regulation: deployment of source address validation in the internet. In: Computer and Communications Security Conference, ACM
Luo X, Wang L, Xu Z, Chen K, Yang J, Tian T (2018) A large scale analysis of DNS water torture attack. In: Conference on Computer Science and Artificial Intelligence
MANRS (2020) Mutually agreed norms for routing security. https://www.manrs.org/
Mauch J (2013) Spoofing ASNs. http://seclists.org/nanog/2013/Aug/132
Müller LF, Luckie MJ, Huffaker B, Claffy KC, Barcellos MP (2019) Challenges in inferring spoofed traffic at IXPs. In: Conference on Emerging Networking Experiments And Technologies, ACM
Rossow C (2014) Amplification hell: revisiting network protocols for DDoS abuse. In: Network and Distributed System Security Symposium
Senie D, Ferguson P (2000) Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing. RFC 2827. https://rfc-editor.org/rfc/rfc2827.txt
Shafir L, Afek Y, Bremler-Barr A (2020) NXNSAttack: recursive DNS inefficiencies and vulnerabilities. In: USENIX Security Symposium
Spoofer Project (2020) The spoofer project. https://www.caida.org/projects/spoofer/
Vixie P, Thomson S, Rekhter Y, Bound J (1997) Dynamic updates in the domain name system (DNS UPDATE). Internet RFC 2136
© 2021 Springer Science+Business Media LLC
About this entry
Cite this entry
Korczyński, M., Nosyk, Y. (2021). Source Address Validation. In: Jajodia, S., Samarati, P., Yung, M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27739-9_1626-1
DOI: https://doi.org/10.1007/978-3-642-27739-9_1626-1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27739-9
Online ISBN: 978-3-642-27739-9
eBook Packages: Springer Reference Computer Sciences; Reference Module Computer Science and Engineering