IP spoofing remains a problem today in the Internet. In this paper, a new system called Inter-Domain Routing Validator Based Spoofing Defence System (SDS) for filtering spoofed IP packets is proposed. SDS uses efficient symmetric key message authentication code (UM AC) as its tag to verify that a source IP address is valid. Different ASes border routers obtain a shared key via the Inter-Domain Routing Validator (IRV) servers which will manage the secret keys and exchange keys among different ASes via security communication channel. SDS is efficient, secure and easy to cooperate with other defence mechanisms.
展开▼