More Web Proxy on the site http://driver.im/

research-article

Inferring the Deployment of Inbound Source Address Validation Using DNS Resolvers

Authors:

Maciej Korczyński,

Yevheniya Nosyk,

Marcin Skwarek,

Baptiste Jonglez,

Andrzej DudaAuthors Info & Claims

ANRW '20: Proceedings of the 2020 Applied Networking Research Workshop

Pages 9 - 11

https://doi.org/10.1145/3404868.3406668

Published: 27 July 2020 Publication History

Abstract

This paper reports on the first Internet-wide active measurement study to enumerate networks not filtering incoming packets based on their source address. Our method identifies closed and open DNS resolvers handling requests from the outside of the network with the source address in the prefix of the tested network. The study gives the most complete picture of the inbound Source Address Validation deployment at network providers: 32,673 IPv4 ASes and 197,641 IPv4 BGP prefixes are vulnerable to spoofing of inbound traffic.

References

[1]

Robert Beverly and Steven Bauer. 2005. The Spoofer Project: Inferring the Extent of Source Address Filtering on the Internet. In USENIX Steps to Reducing Unwanted Traffic on the Internet (SRUTI) Workshop.

[2]

R. Beverly, A. Berger, Y. Hyun, and k. claffy. 2009. Understanding the Efficacy of Deployed Internet Source Address Validation Filtering. In Internet Measurement Conference. ACM.

[3]

CAIDA. 2020. The Spoofer Project. https://www.caida.org/projects/spoofer/

[4]

Dan Kaminsky. 2008. It's the End of the Cache as We Know It. https://www.slideshare.net/dakami/dmk-bo2-k8.

[5]

Maciej Korczyński, Michal Król, and Michel van Eeten. 2016. Zone Poisoning: The How and Where of Non-Secure DNS Dynamic Updates. In Internet Measurement Conference. ACM.

Digital Library

[6]

Maciej Korczyński, Yevheniya Nosyk, Qasim Lone, Marcin Skwarek, Baptiste Jonglez, and Andrzej Duda. 2020. The Closed Resolver Project: Measuring the Deployment of Source Address Validation of Inbound Traffic. arXiv:2006.05277 [cs.NI]

[7]

Maciej Korczyński, Yevheniya Nosyk, Qasim Lone, Marcin Skwarek, Baptiste Jonglez, and Andrzej Duda. 2020. Don't Forget to Lock the Front Door! Inferring the Deployment of Source Address Validation of Inbound Traffic. In Passive and Active Measurement Conference. Springer, 107--121.

[8]

Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz. 2014. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks. In USENIX Conference on Security Symposium.

[9]

Franziska Lichtblau, Florian Streibelt, Thorben Krüger, Philipp Richter, and Anja Feldmann. 2017. Detection, Classification, and Analysis of Inter-domain Traffic with Spoofed Source IP Addresses. In Internet Measurement Conference. ACM.

Digital Library

[10]

Qasim Lone, Maciej Korczyński, Carlos Gañán, and Michel van Eeten. 2020. SAVing the Internet: Explaining the Adoption of Source Address Validation by Internet Service Providers. In Workshop on the Economics of Information Security.

[11]

Qasim Lone, Matthew Luckie, Maciej Korczyński, Hadi Asghari, Mobin Javed, and Michel van Eeten. 2018. Using Crowdsourcing Marketplaces for Network Measurements: The Case of Spoofer. In Traffic Monitoring and Analysis Conference.

[12]

Qasim Lone, Matthew Luckie, Maciej Korczyński, and Michel van Eeten. 2017. Using Loops Observed in Traceroute to Infer the Ability to Spoof. In Passive and Active Measurement Conference. Springer.

[13]

M. Luckie, R. Beverly, R. Koga, K. Keys, J. Kroll, and k claffy. 2019. Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet. In Computer and Communications Security Conference (CCS). ACM.

Digital Library

[14]

Jared Mauch. 2013. Spoofing ASNs. http://seclists.org/nanog/2013/Aug/132.

[15]

Lucas F. Müller, Matthew J. Luckie, Bradley Huffaker, kc claffy, and Marinho P. Barcellos. 2019. Challenges in Inferring Spoofed Traffic at IXPs. In Conference on Emerging Networking Experiments And Technologies (CoNEXT). ACM, 96--109.

[16]

Daniel Senie and Paul Ferguson. 2000. Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing. RFC 2827. https://rfc-editor.org/rfc/rfc2827.txt

[17]

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr. 2020. NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities. In USENIX Security Symposium.

[18]

Marcin Skwarek, Maciej Korczyński, Wojciech Mazurczyk, and Andrzej Duda. 2019. Characterizing Vulnerability of DNS AXFR Transfers with Global-Scale Scanning. In 2019 IEEE Security and Privacy Workshops. 193--198.

[19]

The Closed Resolver Project. 2020. https://closedresolver.com.

Cited By

Korczyński MNosyk Y(2025)Source Address ValidationEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1626(2472-2475)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1626
Guo JHe LLiu Y(2024)Overlooked Backdoors: Investigating 6to4 Tunnel Nodes and Their Exploitation in the Wild2024 IEEE International Performance, Computing, and Communications Conference (IPCCC)10.1109/IPCCC59868.2024.10850165(1-8)Online publication date: 22-Nov-2024
https://doi.org/10.1109/IPCCC59868.2024.10850165
Nosyk YKorczyński MDuda A(2023)Guardians of DNS Integrity: A Remote Method for Identifying DNSSEC Validators Across the Internet2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom60117.2023.00201(1470-1479)Online publication date: 1-Nov-2023
https://doi.org/10.1109/TrustCom60117.2023.00201
Show More Cited By

Index Terms

Inferring the Deployment of Inbound Source Address Validation Using DNS Resolvers
1. Networks
  1. Network performance evaluation
    1. Network measurement
  2. Network properties
    1. Network security
      1. Security protocols

Recommendations

The Closed Resolver Project: Measuring the Deployment of Inbound Source Address Validation
Ingress filtering, commonly referred to as Source Address Validation (SAV), is a practice aimed at discarding packets with spoofed source IP addresses at the network periphery. Outbound SAV, i.e., dropping traffic with spoofed source IP addresses as it ...
Comparing DNS resolvers in the wild
IMC '10: Proceedings of the 10th ACM SIGCOMM conference on Internet measurement

The Domain Name System (DNS) is a fundamental building block of the Internet. Today, the performance of more and more applications depend not only on the responsiveness of DNS, but also the exact answer returned by the queried DNS resolver, e.g., for ...
RFC 5210: A Source Address Validation Architecture (SAVA) Testbed and Deployment Experience

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ANRW '20: Proceedings of the 2020 Applied Networking Research Workshop

July 2020

77 pages

ISBN:9781450380393

DOI:10.1145/3404868

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

IRTF: Internet Research Task Force
Internet Society: Internet Society
SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 July 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Grenoble Alpes Cybersecurity Institute
IDEX Université Grenoble Alpes

Conference

ANRW '20

Sponsor:

IRTF
Internet Society
SIGCOMM

ANRW '20: Applied Networking Research Workshop

July 27 - 30, 2020

Virtual Event, Spain

Acceptance Rates

Overall Acceptance Rate 34 of 58 submissions, 59%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
148
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)2

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Korczyński MNosyk Y(2025)Source Address ValidationEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1626(2472-2475)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1626
Guo JHe LLiu Y(2024)Overlooked Backdoors: Investigating 6to4 Tunnel Nodes and Their Exploitation in the Wild2024 IEEE International Performance, Computing, and Communications Conference (IPCCC)10.1109/IPCCC59868.2024.10850165(1-8)Online publication date: 22-Nov-2024
https://doi.org/10.1109/IPCCC59868.2024.10850165
Nosyk YKorczyński MDuda A(2023)Guardians of DNS Integrity: A Remote Method for Identifying DNSSEC Validators Across the Internet2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom60117.2023.00201(1470-1479)Online publication date: 1-Nov-2023
https://doi.org/10.1109/TrustCom60117.2023.00201
Nosyk YHureau OFernandez SDuda AKorczyński M(2023)Unveiling the Weak Links: Exploring DNS Infrastructure Vulnerabilities and Fortifying Defenses2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00067(546-557)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00067
Lone QFrik ALuckie MKorczyński Mvan Eeten MGañán C(2022)Deployment of Source Address Validation by Network Operators: A Randomized Control Trial2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833701(2361-2378)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833701
Nosyk YKorczyński MDuda A(2022)Routing Loops as Mega Amplifiers for DNS-Based DDoS AttacksPassive and Active Measurement10.1007/978-3-030-98785-5_28(629-644)Online publication date: 28-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-030-98785-5_28
Nawrocki MJonker MSchmidt TWählisch MLevin DMislove AAmann JLuckie M(2021)The far side of DNS amplificationProceedings of the 21st ACM Internet Measurement Conference10.1145/3487552.3487835(419-434)Online publication date: 2-Nov-2021
https://dl.acm.org/doi/10.1145/3487552.3487835
Korczyński MNosyk Y(2021)Source Address ValidationEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-642-27739-9_1626-1(1-5)Online publication date: 19-Jan-2021
https://doi.org/10.1007/978-3-642-27739-9_1626-1

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten