IP address spoofing has been a well-known security issue for a long time. It enables potential attackers to change their genuine IP addresses and become untraceable. The most efficient way to fight this problem is to perform packet filtering at the network edge, also known as Source Address Validation (SAV). Together with our partners from Université Grenoble Alpes we evaluate the SAV deployment of inbound traffic by sending DNS A requests to local resolvers on behalf of other hosts of tested networks. Not only we check filtering policies, but also reveal closed resolvers, not seen from outside otherwise.
Our partners from Université Grenoble Alpes periodically scan the whole routable IPv4 address space and a targeted list of IPv6 addresses to identify vulnerable networks. If you want to test your own network, please contact us.
We calculate the proportion of /24 IPv4 networks confirmed to be vulnerable to inbound spoofing vs. all the networks per country. Note, that this is the lower bound estimate of the problem. Check the map below:
We describe our findings in greater detail in the following publications:
@inproceedings{korczynski2020pam,
title = {{Don't Forget to Lock the Front Door! Inferring the Deployment of Source Address Validation of Inbound Traffic}},
author = {Korczy\'{n}ski, Maciej and Nosyk, Yevheniya and Lone, Qasim and Skwarek, Marcin and Jonglez, Baptiste and Duda, Andrzej},
booktitle = {Proceedings of the 21st International Conference on Passive and Active Measurement},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
pages = {107--121},
year = {2020},
doi = {10.1007/978-3-030-44081-7\_7}
}
@misc{nosyk2023closed,
title={The Closed Resolver Project: Measuring the Deployment of Source Address Validation of Inbound Traffic},
author={Yevheniya Nosyk and Maciej Korczy\'{n}ski and Qasim Lone and Marcin Skwarek and Baptiste Jonglez and Andrzej Duda},
year={2023},
journal={IEEE/ACM Transactions on Networking},
pages={1-15},
doi={10.1109/TNET.2023.3257413}
}
@inproceedings{korczyski2020anrw,
title = {Inferring the Deployment of Inbound Source Address Validation Using DNS Resolvers},
author = {Korczy\'{n}ski, Maciej and Nosyk, Yevheniya and Lone, Qasim and Skwarek, Marcin and Jonglez, Baptiste and Duda, Andrzej},
booktitle = {Proceedings of the Applied Networking Research Workshop},
series = {ANRW '20}
publisher = {Association for Computing Machinery},
pages = {9-11},
year = {2020},
doi = {10.1145/3404868.3406668}
}
If you want to find out more about our project, have your network tested or wish to exclude your network from our scanning activities, please contact us.
This work is partially funded by the IDEX Université Grenoble Alpes "Initiative de Recherche Scientifique" within the framework of the PrevDDoS project, the Grenoble Alpes Cybersecurity Institute CYBER@ALPS, NCSC-NL, RIPE NCC and LSI Carnot.