期刊文献+
共找到1篇文章
< 1 >
每页显示 20 50 100
Preventing IP Source Address Spoofing: A Two-Level, State Machine-Based Method 被引量:3
1
作者 毕军 刘冰洋 +1 位作者 吴建平 沈燕 《Tsinghua Science and Technology》 SCIE EI CAS 2009年第4期413-422,共10页
A signature-and-verification-based method, automatic peer-to-peer anti-spoofing (APPA), is pro- posed to prevent IP source address spoofing. In this method, signatures are tagged into the packets at the source peer,... A signature-and-verification-based method, automatic peer-to-peer anti-spoofing (APPA), is pro- posed to prevent IP source address spoofing. In this method, signatures are tagged into the packets at the source peer, and verified and removed at the verification peer where packets with incorrect signatures are filtered. A unique state machine, which is used to generate signatures, is associated with each ordered pair of APPA peers. As the state machine automatically transits, the signature changes accordingly. KISS ran- dom number generator is used as the signature generating algorithm, which makes the state machine very small and fast and requires very low management costs. APPA has an intra-AS (autonomous system) level and an inter-AS level. In the intra-AS level, signatures are tagged into each departing packet at the host and verified at the gateway to achieve finer-grained anti-spoofing than ingress filtering. In the inter-AS level, signatures are tagged at the source AS border router and verified at the destination AS border router to achieve prefix-level anti-spoofing, and the automatic state machine enables the peers to change signatures without negotiation which makes APPA attack-resilient compared with the spoofing prevention method. The results show that the two levels are both incentive for deployment, and they make APPA an integrated anti-spoofing solution. 展开更多
关键词 source address spoofing spoofing prevention internet security
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部