Abstract:To protect themselves from attacks, networks need to enforce ingress filtering, i.e., block inbound packets sent from spoofed IP addresses. Although this is a widely known best practice, it is still not clear how many networks do not block spoofed packets. Inferring the extent of spoofability at Internet scale is challenging and despite multiple efforts the existing studies currently cover only a limited set of the Internet networks: they can either measure networks that operate servers with faulty network-stack implementations, or require installation of the measurement software on volunteer networks, or assume specific properties, like traceroute loops. Improving coverage of the spoofing measurements is critical. In this work we present the Spoofing Mapper (SMap): the first scanner for performing Internet-wide studies of ingress filtering. SMap evaluates spoofability of networks utilising standard protocols that are present in almost any Internet network. We applied SMap for Internet-wide measurements of ingress filtering: we found that 69.8% of all the Autonomous Systems (ASes) in the Internet do not filter spoofed packets and found 46880 new spoofable ASes which were not identified in prior studies. Our measurements with SMap provide the first comprehensive view of ingress filtering deployment in the Internet as well as remediation in filtering spoofed packets over a period of two years until May 2021. We set up a web service at <a class="link-external link-https" href="https://smap.cad.sit.fraunhofer.de" rel="external noopener nofollow">this https URL</a> to perform continual Internet-wide data collection with SMap and display statistics from spoofing evaluation. We make our datasets as well as the SMap (implementation and the source code) publicly available to enable researchers to reproduce and validate our results, as well as to continually keep track of changes in filtering spoofed packets in the Internet.

SMap: Internet-wide Scanning for Spoofing

Rumors Stop with the Wise: Unveiling Inbound SAV Deployment Through Spoofed ICMP Messages

SoK: Rethinking Sensor Spoofing Attacks Against Robotic Vehicles from a Systematic View.

A Distributed IP Spoof Detection System in Intranet

The Closed Resolver Project: Measuring the Deployment of Source Address Validation of Inbound Traffic

Revisiting Inter-As IP Spoofing Let the Protection Drive Source Address Validation.

Detecting SYN Flooding Agents under Any Type of IP Spoofing

Investigating the efficiency of fine granularity source address validation in IPv6 networks

A Backscatter Technology Based Study on Source Address Spoofing

Experience with SPM in IPv6

VASE: Filtering IP spoofing traffic with agility

Your Router is My Prober: Measuring IPv6 Networks Via ICMP Rate Limiting Side Channels

Toward Incentivizing Anti-Spoofing Deployment

Hidden Treasures - Recycling Large-Scale Internet Measurements to Study the Internet's Control Plane

MASK:An Efficient Mechanism to Extend Inter-Domain IP Spoofing Preventions

PMap: Reinforcement Learning-Based Internet-Wide Port Scanning

IMap: Toward a Fast, Scalable and Reconfigurable In-Network Scanner with Programmable Switches

Enable a Trustworthy Network by Source Address Spoofing Prevention Routers: A Formal Description

Aggressive Internet-Wide Scanners: Network Impact and Longitudinal Characterization

Study on Classification and Characteristics of Source Address Spoofing Attacks in the Internet

Performing software defined route-based IP spoofing filtering with SEFA