
Intrusion Detection System with packet filtering for IP Spoofing


Abstract

IP spoofing is a problem without an easy solution, since it is inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques. Intrusion Detection Systems (IDS), both network-based and host-based, have been used to secure these environments for sharing data over the network. The rapid advances in intrusions on the Internet and other networks are the main factor responsible for the propagation of different threats and vulnerabilities in the computing environment. Nowadays, IDSs use a signature-based detection approach, which detects actions by analyzing patterns such as text, password, time, etc. This creates difficulties in updating information and detecting unknown attacks. In this paper we make use of an improved EADS (Exception Agent Detection System) for making the header information secure. Packet filtering is one defense against IP spoofing attacks. The gateway to a network usually performs ingress filtering, which is the blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker from spoofing the address of an internal machine. Ideally the gateway would also perform egress filtering on outgoing packets, which is the blocking of packets from inside the network with a source address that is not inside. This prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines. In this paper, we also propose an inter-domain packet filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet, together with the IDS. We establish the conditions under which the IDPF framework works correctly in that it does not discard packets with valid source addresses.
In this paper we propose an improved behavioral method for combating unknown threats other than the usual context and content scanning techniques.
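The gateway ingress and egress rules described in the abstract, as an added example that is not code from the paper and does not model its EADS or IDPF designs. The internal prefixes, the function names, the verdict strings and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal prefixes for the protected network (constructed values
# taken from the documentation address ranges).
INTERNAL_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]

def is_internal(src, prefixes=INTERNAL_PREFIXES):
    """Return True if src falls inside one of the internal prefixes."""
    ip = ipaddress.ip_address(src)  # raises ValueError on a malformed address
    return any(ip.version == net.version and ip in net for net in prefixes)

def gateway_verdict(arrival_side, src):
    """Decide on a packet from the side it arrived on and its source address.

    arrival_side is "external" (arrived from outside the network) or
    "internal" (arrived from inside and is leaving through the gateway).
    """
    if arrival_side not in ("external", "internal"):
        raise ValueError(f"unknown arrival side: {arrival_side!r}")
    try:
        inside = is_internal(src)
    except ValueError:
        # A source that does not parse cannot be validated, so it is dropped.
        return "drop:malformed-source"
    if arrival_side == "external":
        # Ingress filtering: an outside packet must not claim an inside source.
        return "drop:ingress-spoof" if inside else "accept"
    # Egress filtering: an inside packet must carry an inside source.
    return "accept" if inside else "drop:egress-spoof"

# Constructed sample traffic: (arrival side, claimed source address).
SAMPLE_PACKETS = [
    ("external", "198.51.100.7"),
    ("external", "192.0.2.44"),
    ("internal", "192.0.2.10"),
    ("internal", "203.0.113.9"),
    ("external", "2001:db8:10:ffff::1"),
    ("internal", "not-an-ip"),
]

def filter_packets(packets=SAMPLE_PACKETS):
    """Return (side, source, verdict) for every packet in the list."""
    return [(side, src, gateway_verdict(side, src)) for side, src in packets]

if __name__ == "__main__":
    for side, src, verdict in filter_packets():
        print(f"{side:8} {src:22} {verdict}")
```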
