Skip to main content
Article thumbnail
Location of Repository

An incrementally deployable protocol for learning the valid incoming direction of IP packets

By Toby Ehrenkranz and Jun Li


Routers in today’s Internet do not know which direction a packet with a given source address should come from. This problem not only allows IP spoofing to run wild—as routers cannot check the validity of a packet’s source address based on its incoming direction—but also hinders the reliability of many source-relevant functions at routers, such as per-source fair queuing, source-based traffic management, source-based congestion control, or reverse path forwarding. This research designs and evaluates an incrementally deployable protocol, ID-SAVE, that enables a subset of routers on the Internet to learn the valid incoming direction of packets from each other. With such knowledge, these routers can check whether a packet is from a valid direction based on its source address, thus determining whether the source address of the packet is valid—even when not all routers employ this new protocol. ID-SAVE not only makes source-based functions more reliable, but also addresses the root cause of IP spoofing prevalence. The evaluation also shows that ID-SAVE is effective and accurate in catching spoofed packets while incurring a low overhead. 1

Year: 2007
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • (external link)
  • (external link)
  • Suggested articles

    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.