Inferring the Deployment of Inbound Source Address Validation Using DNS Resolvers

Conference paper (2020)

Authors

Maciej Korczyński Université Grenoble Alpes

Yevheniya Nosyk Université Grenoble Alpes

Q.B. Lone Organisation & Governance -

Marcin Skwarek Université Grenoble Alpes

Baptiste Jonglez Université Grenoble Alpes

Andrzej Duda Université Grenoble Alpes

Research Group

Organisation & Governance () (TU Delft)

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:c4e656f1-b944-46a9-882d-f0ffebe1fa02

Published Date

2020

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Technology, Policy and Management

Department

Multi Actor Systems

Research Group

Organisation & Governance

Abstract

This paper reports on the first Internet-wide active measurement study to enumerate networks not filtering incoming packets based on their source address. Our method identifies closed and open DNS resolvers handling requests from the outside of the network with the source address in the prefix of the tested network. The study gives the most complete picture of the inbound Source Address Validation deployment at network providers: 32,673 IPv4 ASes and 197,641 IPv4 BGP prefixes are vulnerable to spoofing of inbound traffic.

Files

3404868.3406668.pdf

(.pdf | 0.474 Mb)