Inferring the Deployment of Source Address Validation Filtering using Silence of Path-Backscatter

IP source spoofing is a consequence of lack of packet level authentication in the Internet which allows attackers to carry out Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. Source address validation filtering is one of the most important scheme that is deployed in the Internet to deter such attacks by filtering the spoofed IP packets. In this paper, we propose a novel scheme to study the deployment of source address validation-filtering by using some special path backscatter messages that are generated by the spoofed traffic. We use the long term absence of such messages from an Autonomous System (AS) to classify it as non-spoofer AS. We use Caida's backscatter dataset for our study. We provide the list of spoofer and non-spoofer ASes from the given dataset. We also provide detailed mathematical analysis for calculating the amount of time we need to wait before declaring an AS as a non-spoofer. Besides, we use the normal approximation of binomial distribution to calculate confidence interval for the proportion of ASes allowing spoofing and to test the hypothesis regarding the spoofing activity in the Internet.