%0 Conference Proceedings
%T Detecting IP Spoofing by Modelling History of IP Address Entry Points
%+ Brno University of Technology  [Brno] (BUT)
%+ CESNET [Prague]
%A Kováčik, Michal
%A Kajan, Michal
%A Žádník, Martin
%Z Part 3: Security Management
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 7th International Conference on Autonomous Infrastructure (AIMS)
%C Barcelona, Spain
%Y Guillaume Doyen
%Y Martin Waldburger
%Y Pavel Čeleda
%Y Anna Sperotto
%Y Burkhard Stiller
%I Springer
%3 Emerging Management Mechanisms for the Future Internet
%V LNCS-7943
%P 73-83
%8 2013-06-25
%D 2013
%R 10.1007/978-3-642-38998-6_9
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers
%X Since a lot of the networks do not apply source IP filtering to its outgoing traffic, an attacker may insert an arbitrary source IP address in an outgoing packet, i.e., IP address spoofing. This paper elaborates on a possibility to detect the spoofing in a large network peering with other networks. A proposed detection scheme is based on an analysis of NetFlow data collected at the entry points in the network. The scheme assumes that the network traffic originating from a certain source network enters the network under surveillance via a relatively stable set of points. The scheme has been tested on data from the real network.
%G English
%Z TC 6
%Z WG 6.6
%2 https://inria.hal.science/hal-01489972/document
%2 https://inria.hal.science/hal-01489972/file/978-3-642-38998-6_9_Chapter.pdf
%L hal-01489972
%U https://inria.hal.science/hal-01489972
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC6
%~ IFIP-AIMS
%~ IFIP-WG6-6
%~ IFIP-LNCS-7943