Source Address Validation
Maciej Korczy\'nski, Yevheniya Nosyk
TL;DR
This paper discusses the importance of source address validation (SAV) in preventing spoofed IP packets, highlighting its roles in outbound and inbound filtering to mitigate reflection DDoS attacks.
Contribution
It clarifies the concepts of outbound and inbound SAV, emphasizing their significance in network security and attack prevention.
Findings
SAV is crucial for preventing spoofed IP attacks.
Absence of SAV contributes to reflection DDoS attacks.
Differentiates between outbound and inbound SAV applications.
Abstract
Source address validation (SAV) is a standard formalized in RFC 2827 aimed at discarding packets with spoofed source IP addresses. The absence of SAV has been known as a root cause of reflection distributed denial-of-service (DDoS) attacks. Outbound SAV (oSAV): filtering applied at the network edge to traffic coming from inside the customer network to the outside. Inbound SAV (iSAV): filtering applied at the network edge to traffic coming from the outside to the customer network.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.