Development of a Novel Methods for Detecting

---

Abstract

IP-Spoofing is an attack that forges the source “IP- Address” to mislead the receiver about the sender, making it difficult to trace back. Existing IP-Spoofing prevention methods like Ingress/Egress filtering, and Reverse Path Forwarding have the following limitations: they filter only the IP Packets of the local network, limited logging capabilities, and work only for specific types of TCP/IP protocol attacks. This paper introduces BGP- ASE, an effective method called Border Gateway Protocol Anti-Spoofing Extension, designed to combat IP spoofing by successfully intercepting and preventing the transmission of fraudulent packets. The proposed mechanism is tested using emulation network environments consisting of Mininet, OpenFlow Switch, and POX Controller. The usage of random filter placement improves the performance for dropping attack packets ratio. BGP-ASE is more potent than Ingress/Egress and RPF filtering in dropping attack packets. In the BGP-ASE mechanism, only 30% of transit Autonomous Systems can filter greater than 90% of the malicious packets. BGP-ASE also has the following desirable properties - Initial-Benefits for early users, Incremental-Benefits for subsequent users, and effectiveness in partial deployment.

---

Keywords

Border-Gateway Protocol (BGP); Ingress Filtering; IP-Spoofing; ReversePath Forwarding; Security; Spoofed Attack.