Home > Research > Publications & Outputs > SMap: Internet-wide Scanning for Spoofing

Research

Links

Text available via DOI:

View graph of relations

SMap: Internet-wide Scanning for Spoofing

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published

Standard

SMap: Internet-wide Scanning for Spoofing. / Dai, Tianxiang; Shulman, Haya.
ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference. New York: ACM, 2021. p. 1039-1050.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Harvard

Dai, T & Shulman, H 2021, SMap: Internet-wide Scanning for Spoofing. in ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference. ACM, New York, pp. 1039-1050. https://doi.org/10.1145/3485832.3485917

APA

Dai, T., & Shulman, H. (2021). SMap: Internet-wide Scanning for Spoofing. In ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference (pp. 1039-1050). ACM. https://doi.org/10.1145/3485832.3485917

Vancouver

Dai T, Shulman H. SMap: Internet-wide Scanning for Spoofing. In ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference. New York: ACM. 2021. p. 1039-1050 doi: 10.1145/3485832.3485917

Author

Dai, Tianxiang ; Shulman, Haya. / SMap: Internet-wide Scanning for Spoofing. ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference. New York : ACM, 2021. pp. 1039-1050

Bibtex

@inproceedings{d8223fd5ce724b6d8175d539a2cda230,
title = "SMap: Internet-wide Scanning for Spoofing",
abstract = "To protect themselves from attacks, networks need to enforce ingress filtering, i.e., block inbound packets sent from spoofed IP addresses. Although this is a widely known best practice, it is still not clear how many networks do not block spoofed packets. Inferring the extent of spoofability at Internet scale is challenging and despite multiple efforts the existing studies currently cover only a limited set of the Internet networks: they can either measure networks that operate servers with faulty network-stack implementations, or require installation of the measurement software on volunteer networks, or assume specific properties, like traceroute loops. Improving coverage of the spoofing measurements is critical.In this work we present the Spoofing Mapper (SMap): the first scanner for performing Internet-wide studies of ingress filtering. SMap evaluates spoofability of networks utilising standard protocols that are present in almost any Internet network. We applied SMap for Internet-wide measurements of ingress filtering: we found that 69.8% of all the Autonomous Systems (ASes) in the Internet do not filter spoofed packets and found 46880 new spoofable ASes which were not identified in prior studies. Our measurements with SMap provide the first comprehensive view of ingress filtering deployment in the Internet as well as remediation in filtering spoofed packets over a period of two years until May 2021.We set up a web service at https://smap.cad.sit.fraunhofer.de to perform continual Internet-wide data collection with SMap and display statistics from spoofing evaluation. We make our datasets as well as the SMap (implementation and the source code) publicly available to enable researchers to reproduce and validate our results, as well as to continually keep track of changes in filtering spoofed packets in the Internet.",
author = "Tianxiang Dai and Haya Shulman",
year = "2021",
month = dec,
day = "6",
doi = "10.1145/3485832.3485917",
language = "English",
pages = "1039--1050",
booktitle = "ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference",
publisher = "ACM",

}

RIS

TY - GEN

T1 - SMap: Internet-wide Scanning for Spoofing

AU - Dai, Tianxiang

AU - Shulman, Haya

PY - 2021/12/6

Y1 - 2021/12/6

N2 - To protect themselves from attacks, networks need to enforce ingress filtering, i.e., block inbound packets sent from spoofed IP addresses. Although this is a widely known best practice, it is still not clear how many networks do not block spoofed packets. Inferring the extent of spoofability at Internet scale is challenging and despite multiple efforts the existing studies currently cover only a limited set of the Internet networks: they can either measure networks that operate servers with faulty network-stack implementations, or require installation of the measurement software on volunteer networks, or assume specific properties, like traceroute loops. Improving coverage of the spoofing measurements is critical.In this work we present the Spoofing Mapper (SMap): the first scanner for performing Internet-wide studies of ingress filtering. SMap evaluates spoofability of networks utilising standard protocols that are present in almost any Internet network. We applied SMap for Internet-wide measurements of ingress filtering: we found that 69.8% of all the Autonomous Systems (ASes) in the Internet do not filter spoofed packets and found 46880 new spoofable ASes which were not identified in prior studies. Our measurements with SMap provide the first comprehensive view of ingress filtering deployment in the Internet as well as remediation in filtering spoofed packets over a period of two years until May 2021.We set up a web service at https://smap.cad.sit.fraunhofer.de to perform continual Internet-wide data collection with SMap and display statistics from spoofing evaluation. We make our datasets as well as the SMap (implementation and the source code) publicly available to enable researchers to reproduce and validate our results, as well as to continually keep track of changes in filtering spoofed packets in the Internet.

AB - To protect themselves from attacks, networks need to enforce ingress filtering, i.e., block inbound packets sent from spoofed IP addresses. Although this is a widely known best practice, it is still not clear how many networks do not block spoofed packets. Inferring the extent of spoofability at Internet scale is challenging and despite multiple efforts the existing studies currently cover only a limited set of the Internet networks: they can either measure networks that operate servers with faulty network-stack implementations, or require installation of the measurement software on volunteer networks, or assume specific properties, like traceroute loops. Improving coverage of the spoofing measurements is critical.In this work we present the Spoofing Mapper (SMap): the first scanner for performing Internet-wide studies of ingress filtering. SMap evaluates spoofability of networks utilising standard protocols that are present in almost any Internet network. We applied SMap for Internet-wide measurements of ingress filtering: we found that 69.8% of all the Autonomous Systems (ASes) in the Internet do not filter spoofed packets and found 46880 new spoofable ASes which were not identified in prior studies. Our measurements with SMap provide the first comprehensive view of ingress filtering deployment in the Internet as well as remediation in filtering spoofed packets over a period of two years until May 2021.We set up a web service at https://smap.cad.sit.fraunhofer.de to perform continual Internet-wide data collection with SMap and display statistics from spoofing evaluation. We make our datasets as well as the SMap (implementation and the source code) publicly available to enable researchers to reproduce and validate our results, as well as to continually keep track of changes in filtering spoofed packets in the Internet.

U2 - 10.1145/3485832.3485917

DO - 10.1145/3485832.3485917

M3 - Conference contribution/Paper

SP - 1039

EP - 1050

BT - ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference

PB - ACM

CY - New York

ER -