• Maciej Korczyński
  • Yevheniya Nosyk
  • Qasim Lone
  • Marcin Skwarek
  • Baptiste Jonglez
  • Andrzej Duda

This paper concerns the problem of the absence of ingress filtering at the network edge, one of the main causes of important network security issues. Numerous network operators do not deploy the best current practice—Source Address Validation (SAV) that aims at mitigating these issues. We perform the first Internet-wide active measurement study to enumerate networks not filtering incoming packets by their source address. The measurement method consists of identifying closed and open DNS resolvers handling requests coming from the outside of the network with the source address from the range assigned inside the network under the test. The proposed method provides the most complete picture of the inbound SAV deployment state at network providers. We reveal that 32 673 Autonomous Systems (ASes) and 197 641 Border Gateway Protocol (BGP) prefixes are vulnerable to spoofing of inbound traffic. Finally, using the data from the Spoofer project and performing an open resolver scan, we compare the filtering policies in both directions.

Original languageEnglish
Title of host publicationPassive and Active Measurement - 21st International Conference, PAM 2020, Proceedings
EditorsAnna Sperotto, Alberto Dainotti, Burkhard Stiller
PublisherSpringer Open
Number of pages15
ISBN (Print)9783030440800
Publication statusPublished - 2020
Event21st International Conference on Passive and Active Measurement, PAM 2020 - Eugene, United States
Duration: 30 Mar 202031 Mar 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12048 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference21st International Conference on Passive and Active Measurement, PAM 2020
CountryUnited States

    Research areas

  • DNS resolvers, IP spoofing, Source Address Validation

ID: 72218028