eprintid: 10195697
rev_number: 7
eprint_status: archive
userid: 699
dir: disk0/10/19/56/97
datestamp: 2024-08-13 10:41:02
lastmod: 2024-08-13 10:41:02
status_changed: 2024-08-13 10:41:02
type: proceedings_section
metadata_visibility: show
sword_depositor: 699
creators_name: Gigis, Petros
creators_name: Handley, Mark James
creators_name: Vissicchio, Stefano
title: Bad Packets Come Back, Worse Ones Don't
ispublished: pub
divisions: UCL
divisions: B04
divisions: F48
keywords: traffic testing,
ISPs,
internet routing,
IP spoofing,,
TCP,
BGP
note: This work is licensed under a Creative Commons Attribution International 4.0 License.
abstract: ISPs may notice that traffic from certain sources is entering their network at an unexpected location, but it is hard to know if this represents a problem or is just normal spoofed background noise. If such traffic is not spoofed, it would be useful to generate alerts, but alerting on background noise is not useful.
We describe Penny, a test ISPs can run to tell unspoofed traffic aggregates arriving on the wrong port from spoofed ones. The idea is simple: when receiving new traffic at unexpected routers, drop a few TCP packets. Non-spoofed TCP packets ("bad packets") will be retransmitted while spoofed ones ("worse packets") will not. However, building a robust test on top of this simple idea is subtle. We show how to deal with conflicting goals: minimizing performance degradation for legitimate flows, dealing with external conditions such as path changes and remote packet loss, and ensuring robustness against spoofers trying to evade our test.
date: 2024
date_type: published
publisher: Association for Computing Machinery (ACM)
official_url: https://doi.org/10.1145/3651890
oa_status: green
full_text_type: pub
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 2302963
doi: 10.1145/3651890.3672259
isbn_13: 979-8-4007-0614-1
lyricists_name: Vissicchio, Stefano
lyricists_name: Gkigkis, Petros
lyricists_id: SVISS67
lyricists_id: PGKIG63
actors_name: Vissicchio, Stefano
actors_id: SVISS67
actors_role: owner
full_text_status: public
pres_type: paper
publication: SIGCOMM
place_of_pub: Sydney, NSW, Australia
pagerange: 311-326
event_title: ACM SIGCOMM '24: ACM SIGCOMM 2024 Conference
book_title: ACM SIGCOMM '24: Proceedings of the ACM SIGCOMM 2024 Conference
citation:        Gigis, Petros;    Handley, Mark James;    Vissicchio, Stefano;      (2024)    Bad Packets Come Back, Worse Ones Don't.                     In:  ACM SIGCOMM '24: Proceedings of the ACM SIGCOMM 2024 Conference.  (pp. pp. 311-326).  Association for Computing Machinery (ACM): Sydney, NSW, Australia.       Green open access   
 
document_url: https://discovery.ucl.ac.uk/id/eprint/10195697/1/Penny_sigcomm24.pdf