43 research outputs found
IPv6 Ingress filtering in a multihoming environment
This paper proposes to solve the ingress filtering issue in an IPv6 multihomed edge network with the Selection of the Default-route according to the Source Address of a packet
Source-specific routing
Source-specific routing (not to be confused with source routing) is a routing
technique where routing decisions depend on both the source and the destination
address of a packet. Source-specific routing solves some difficult problems
related to multihoming, notably in edge networks, and is therefore a useful
addition to the multihoming toolbox. In this paper, we describe the semantics
of source-specific packet forwarding, and describe the design and
implementation of a source-specific extension to the Babel routing protocol as
well as its implementation - to our knowledge, the first complete
implementation of a source-specific dynamic routing protocol, including a
disambiguation algorithm that makes our implementation work over widely
available networking APIs. We further discuss interoperability between ordinary
next-hop and source-specific dynamic routing protocols. Our implementation has
seen a moderate amount of deployment, notably as a testbed for the IETF Homenet
working group
Configuration Management and Security
Proper configuration management is vital for host and network security. We outline the problems, especially for large-scale environments, and discuss the security aspects of a number of different configuration scenarios, including security appliances (e.g., firewalls), desktop and server computers, and PDAs. We conclude by discussing research challenges
Don't Forget to Lock the Front Door! Inferring the Deployment of Source Address Validation of Inbound Traffic
This paper concerns the problem of the absence of ingress filtering at the
network edge, one of the main causes of important network security issues.
Numerous network operators do not deploy the best current practice - Source
Address Validation (SAV) that aims at mitigating these issues. We perform the
first Internet-wide active measurement study to enumerate networks not
filtering incoming packets by their source address. The measurement method
consists of identifying closed and open DNS resolvers handling requests coming
from the outside of the network with the source address from the range assigned
inside the network under the test. The proposed method provides the most
complete picture of the inbound SAV deployment state at network providers. We
reveal that 32 673 Autonomous Systems (ASes) and 197 641 Border Gateway
Protocol (BGP) prefixes are vulnerable to spoofing of inbound traffic. Finally,
using the data from the Spoofer project and performing an open resolver scan,
we compare the filtering policies in both directions