Using loops observed in traceroute to infer the ability to spoof

Qasim Lone*, Matthew Luckie, Maciej Korczyński, Michel Van Eeten

*Corresponding author for this work

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

13 Citations (Scopus)
96 Downloads (Pure)


Despite source IP address spoofing being a known vulnerability for at least 25 years, and despite many efforts to shed light on the problem, spoofing remains a popular attack method for redirection, amplification, and anonymity. To defeat these attacks requires operators to ensure their networks filter packets with spoofed source IP addresses, known as source address validation (SAV), best deployed at the edge of the network where traffic originates. In this paper, we present a new method using routing loops appearing in traceroute data to infer inadequate SAV at the transit provider edge, where a provider does not filter traffic that should not have come from the customer. Our method does not require a vantage point within the customer network. We present and validate an algorithm that identifies at Internet scale which loops imply a lack of ingress filtering by providers. We found 703 provider ASes that do not implement ingress filtering on at least one of their links for 1,780 customer ASes. Most of these observations are unique compared to the existing methods of the Spoofer and Open Resolver projects. By increasing the visibility of the networks that allow spoofing, we aim to strengthen the incentives for the adoption of SAV.

Original languageEnglish
Title of host publicationPassive and Active Measurement - 18th International Conference, PAM 2017, Proceedings
EditorsSteve Uhlig, Johanna Amann, Mohamed Ali Kaafar
Number of pages13
ISBN (Print)9783319543277
Publication statusPublished - 2017
Event18th International Conference on Passive and Active Measurement, PAM 2017 - Sydney, Australia
Duration: 30 Mar 201731 Mar 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10176 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference18th International Conference on Passive and Active Measurement, PAM 2017
City Sydney


Dive into the research topics of 'Using loops observed in traceroute to infer the ability to spoof'. Together they form a unique fingerprint.

Cite this