Initial longitudinal analysis of IP source spoofing capability on the Internet

Abstract

The Spoofer project originated in 2005 as the results of discussions over the general ability to send spoofed-sourced IP packets across the Internet. At the time, a common misconception was that "most networks perform source address filtering, and, even if they don't, botnets remove any of the anonymity advantage afforded by spoofing". Such beliefs of course proved incorrect in light of a rash of spoofing-based denial-of-service attacks -- attacks that still occur to this day. Despite IP source spoofing being a known vunerability for at least 25 years, and despite many efforts to shed light on the problem, spoofing remains a viable attack vector for redirection, amplification, and anonymity as evidenced most recently and publicly in May 2013 during a 300+ Gb/s DDoS attack against Spamhaus.