TY  - GEN
SP  - 311
N1  - This work is licensed under a Creative Commons Attribution International 4.0 License.
KW  - traffic testing
KW  - ISPs
KW  - internet routing
KW  - IP spoofing
KW  - TCP
KW  - BGP
PB  - Association for Computing Machinery (ACM)
A1  - Gigis, Petros
A1  - Handley, Mark James
A1  - Vissicchio, Stefano
AV  - public
TI  - Bad Packets Come Back, Worse Ones Don't
CY  - Sydney, NSW, Australia
Y1  - 2024///
EP  - 326
UR  - https://doi.org/10.1145/3651890
ID  - discovery10195697
N2  - ISPs may notice that traffic from certain sources is entering their network at an unexpected location, but it is hard to know if this represents a problem or is just normal spoofed background noise. If such traffic is not spoofed, it would be useful to generate alerts, but alerting on background noise is not useful.
We describe Penny, a test ISPs can run to tell unspoofed traffic aggregates arriving on the wrong port from spoofed ones. The idea is simple: when receiving new traffic at unexpected routers, drop a few TCP packets. Non-spoofed TCP packets ("bad packets") will be retransmitted while spoofed ones ("worse packets") will not. However, building a robust test on top of this simple idea is subtle. We show how to deal with conflicting goals: minimizing performance degradation for legitimate flows, dealing with external conditions such as path changes and remote packet loss, and ensuring robustness against spoofers trying to evade our test.
ER  -