despoofed

- deep dive into packet spoofing
git clone git://git.acid.vegas/despoofed.git

README.md (6243B)

      1 # Despoofed
      2 > A deep dive into packet spoofing
      3 
      4 ## ROUGH DRAFT
      5 
      6 ## Introduction
      7 Packet spoofing is a deceptive technique in which the source address of a packet is forged so that the packet appears to come from a different, often trusted, source rather than its true origin. The forgery can hide the actual source of the traffic, often for malicious purposes. By impersonating a trusted source, attackers can bypass address-based network security measures, launch reflection-based DDoS attacks, gain unauthorized system access, or trick users into trusting and interacting with the forged data.
      8 
      9 ## The current state of packet spoofing
     10 Packet spoofing was once straightforward, but it has become much harder to carry out because network security best practices and filtering mechanisms are now widely deployed. One of the primary defenses against spoofing is "ingress filtering", also called "source address validation". As recommended in documents such as [BCP 38](https://www.ietf.org/rfc/bcp/bcp38.html), ingress filtering checks the source address of incoming packets at the edge of a network. If the source address isn't valid or doesn't belong to the range of IP addresses assigned to the network the packet came from, the packet is discarded.
     11 
     12 Internet Service Providers and large network operators have been encouraged to implement these filters to ensure that traffic leaving their networks has a legitimate source address that belongs to their IP address space. By doing so, even if an attacker within their network tries to spoof an IP address, the malicious packets would be dropped before they reach the intended target.
     13 
     14 In summary, the combination of industry best practices like ingress filtering, advancements in networking technology, and the proactive measures taken by ISPs and network operators have made it significantly more challenging for attackers to successfully execute spoofing attacks in the modern internet landscape.
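
The ingress check described in this section, sketched as an added example (not code from this repository): a hypothetical edge router keeps a prefix list per customer-facing interface and drops any packet whose claimed source falls outside it. The interface names, prefixes (documentation ranges) and sample packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed topology: each customer-facing interface of a hypothetical edge
# router maps to the prefixes assigned to that customer (documentation ranges).
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

# Constructed sample traffic: (ingress interface, claimed source address).
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.10"),       # inside cust-a's /25
    ("cust-a", "192.0.2.200"),      # same /24 but outside the assigned /25
    ("cust-a", "198.51.100.7"),     # cust-b's space arriving from cust-a
    ("cust-b", "198.51.100.7"),     # legitimate for cust-b
    ("cust-a", "2001:db8:a:1::5"),  # inside cust-a's IPv6 /48
    ("cust-b", "10.0.0.1"),         # private space, not assigned to cust-b
    ("cust-x", "192.0.2.10"),       # interface with no prefix list
    ("cust-a", "not-an-address"),   # malformed input
]


def build_acl(prefix_map):
    """Parse prefix strings once into ip_network objects per interface."""
    return {iface: [ipaddress.ip_network(p) for p in prefixes]
            for iface, prefixes in prefix_map.items()}


def ingress_verdict(acl, iface, src):
    """Return (action, reason) for one packet's claimed source address."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "unparseable source"
    allowed = acl.get(iface)
    if allowed is None:
        return "drop", "no prefix list for interface"  # fail closed
    for net in allowed:
        if addr.version == net.version and addr in net:
            return "accept", f"within {net}"
    return "drop", "outside assigned prefixes"


def filter_report(acl, packets):
    """Apply the filter to every packet and count verdicts by reason."""
    return Counter(ingress_verdict(acl, i, s) for i, s in packets)


if __name__ == "__main__":
    report = filter_report(build_acl(CUSTOMER_PREFIXES), SAMPLE_PACKETS)
    for (action, reason), n in report.items():
        print(f"{n} x {action}: {reason}")
```

The same address (`198.51.100.7`) is accepted on `cust-b` and dropped on `cust-a`: the verdict depends on where the packet entered, not on the address alone.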
     15 
     16 ## Mothers Against Spoofed Packets
     17 [Mutually Agreed Norms for Routing Security](https://manrs.org) *(MANRS)* is a global initiative designed to bolster the security and resilience of the internet's routing infrastructure. By fostering collaboration among network operators and internet exchange points, MANRS aims to counter common routing threats.
     18 
     19 One of its primary focuses is on filtering and [anti-spoofing](https://www.manrs.org/netops/guide/antispoofing/), ensuring that traffic comes from legitimate sources and thus directly combating IP spoofing. As the MANRS recommendations have been broadly adopted, many of the world's anti-spoofing filters have been put in place. Additionally, MANRS emphasizes efficient coordination among operators and global validation of routing information to further enhance network security.
     20 
     21 ###### Participants
     22 - [cdn/cloud providers](https://www.manrs.org/cdn-cloud-providers/participants/) *([csv](data/cdn.csv), [json](data/cdn.json))*
     23 - [ixps](https://www.manrs.org/ixps/participants/) *([csv](data/ixp.csv), [json](data/ixp.json))*
     24 - [network operators](https://www.manrs.org/netops/participants/) *([csv](data/netops.csv), [json](data/netops.json))*
     25 
     26 ###### Statistical Coverage Report
     27 - **Total ASNs:** 1,403
     28 - **Total IPv4 Ranges:** 65,723
     29 - **Total IPv4 Addresses:** 774,313,984
     30 
     31 This accounts for roughly **25%** of the **routable** address space.
     32 
     33 ## CAIDA
     34 The [CAIDA Spoofer Project](https://www.caida.org/projects/spoofer/) is an initiative undertaken by the [Center for Applied Internet Data Analysis](https://www.caida.org/) *(CAIDA)* to measure and analyze the susceptibility of the internet to source address validation *(SAV)* failures, which are often exploited in various cyberattacks, such as Distributed Denial of Service *(DDoS)* attacks using IP address spoofing. The project provides free software to the public, enabling individuals and organizations to test their networks for vulnerabilities related to IP spoofing. The gathered data is then used by researchers to create a global view of the current state of SAV enforcement and to devise strategies to improve internet security.
     35 
     36 The significance of the Spoofer Project lies in its potential to highlight areas of the internet that are vulnerable to spoofing attacks, thereby encouraging network operators to adopt best practices in network filtering. By offering a clear picture of the state of IP spoofing vulnerabilities worldwide, the project aims to drive change and reduce the potential for malicious actors to misuse the internet's infrastructure. The collaborative nature of the project, with participants from around the world, underscores the importance of collective efforts in ensuring a safer online environment.
     37 
     38 ###### Reports
     39 - https://spoofer.caida.org/summary.php
     40 - https://spoofer.caida.org/country_stats.php
     41 - https://spoofer.caida.org/as_stats.php
     42 
     43 You can look up a specific ASN to get a report on it. For example, here is the report for [OVH](https://spoofer.caida.org/as.php?asn=16276).
     44 
     45 ## References
     46 - [RFC 3704 - Ingress Filtering for Multihomed Networks](https://datatracker.ietf.org/doc/html/rfc3704)
     47 - [SAVing the Internet - Measuring the adoption of Source Address Validation (SAV) by network providers](https://pure.tudelft.nl/ws/portalfiles/portal/115359139/Final_Submission.pdf)
     48 - [MANRS API](https://manrs.stoplight.io/docs/manrs-public-api/38c368e1d6b43-manrs-public-api)
     49 - [DDoS Aspire Final Report](https://www.caida.org/funding/ddos-aspire/ddos-aspire_finalreport.pdf)
     50 - [Mind Your MANRS - Measuring the MANRS Ecosystem](https://www.caida.org/catalog/papers/2022_mind_your_manrs/mind_your_manrs.pdf)
     51 
     52 ## Todo
     53 - Compile list of blocked ASNs world-wide to discover ASNs that can allow spoofing
     54 - Shit on people like [this](https://spoofer.network/)
     55 - Show CAIDA spoofer software result samples
     56 - Include code to automate finding ASNs that will allow spoofing
     57 - CAIDA API documentation
     58 
     59 ___
     60 
     61 ###### Mirrors for this repository: [acid.vegas](https://git.acid.vegas/despoofed) • [SuperNETs](https://git.supernets.org/acidvegas/despoofed) • [GitHub](https://github.com/acidvegas/despoofed) • [GitLab](https://gitlab.com/acidvegas/despoofed) • [Codeberg](https://codeberg.org/acidvegas/despoofed)