This can be exploited in various ways, most notably to execute DoS amplification attacks which cause an amplifier host to send traffic to the spoofed address.
There are many recommendations to prevent IP spoofing by ingress filtering, e.g. checking source addresses of IP datagrams close to the network edge.
At RIPE-52 in Istanbul RIPE has established a task force that promotes deployment of ingress filtering at the network edge by raising awareness and provide indirect incentives for deployment.
Document ripe-379 provides the task force charter and the initial time-line.
The mailing list archive is at http://www.ripe.net/ripe/maillists/archives/spoofing-tf/2006/index.html
The task force web page is at http://www.ripe.net/ripe/tf/anti-spoofing/
The task force is co-chaired by Nina Hjorth Bargisen (NINA1-RIPE)
and Daniel Karrenberg (DK58).
2007 | author | chronological | subject | threaded | |
2006 | author | chronological | subject | threaded |