Towards Incentivizing ISPs To Mitigate Botnets

ISPs form a centralized point to control botnet infections. However, they do not have enough incentives to invest in mitigation of botnets. In this paper, we propose an approach based on comparative metrics to incentivize ISPs to mitigate botnets.

How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation

IP address counts are typically used as a surrogate metric for the number of hosts in a network, as in the case of ISP rankings based on botnet infected addresses. However, due to effects of dynamic IP address allocation, such counts tend to overestimate the number of hosts, sometimes by an order of magnitude. In the literature, the rate at...

Using loops observed in traceroute to infer the ability to spoof

Despite source IP address spoofing being a known vulnerability for at least 25 years, and despite many efforts to shed light on the problem, spoofing remains a popular attack method for redirection, amplification, and anonymity. To defeat these attacks requires operators to ensure their networks filter packets with spoofed source IP addresses...

Using Crowdsourcing Marketplaces for Network Measurements: The Case of Spoofer

Internet measurement tools are used to make inferences about network policies and practices across the Internet, such as censorship, traffic manipulation, bandwidth, and security measures. Some tools must be run from vantage points within individual networks, so are dependent on volunteer recruitment. A small pool of volunteers limits the...

Deployment of Source Address Validation by Network Operators: A Randomized Control Trial

IP spoofing, sending IP packets with a false source IP address, continues to be a primary attack vector for large-scale Denial of Service attacks. To combat spoofing, various interventions have been tried to increase the adoption of source address validation (SAV) among network operators. How can SAV deployment be increased? In this work, we...