Gigis, Petros; Handley, Mark James; Vissicchio, Stefano; (2024) Bad Packets Come Back, Worse Ones Don't. In: ACM SIGCOMM '24: Proceedings of the ACM SIGCOMM 2024 Conference. (pp. pp. 311-326). Association for Computing Machinery (ACM): Sydney, NSW, Australia.

Preview

Text Penny_sigcomm24.pdf - Published Version Download (5MB) | Preview

Abstract

ISPs may notice that traffic from certain sources is entering their network at an unexpected location, but it is hard to know if this represents a problem or is just normal spoofed background noise. If such traffic is not spoofed, it would be useful to generate alerts, but alerting on background noise is not useful. We describe Penny, a test ISPs can run to tell unspoofed traffic aggregates arriving on the wrong port from spoofed ones. The idea is simple: when receiving new traffic at unexpected routers, drop a few TCP packets. Non-spoofed TCP packets ("bad packets") will be retransmitted while spoofed ones ("worse packets") will not. However, building a robust test on top of this simple idea is subtle. We show how to deal with conflicting goals: minimizing performance degradation for legitimate flows, dealing with external conditions such as path changes and remote packet loss, and ensuring robustness against spoofers trying to evade our test.

Download activity - last month

Export as JSONXMLCSV

Download activity - last 12 months

Export as CSVXMLJSON

Downloads by country - last 12 months

Export as CSVJSONXML

Archive Staff Only

View Item