Sponsor: DARPA ATO FTN under Grant No. F30602-01-2-0530
Principal Investigator: Dr. Kihong Park, Purdue University
Dr. Ali Selcuk
Dr. Heejo Lee (postdoc; presently with Ahnlab Inc.)
Dr. Jae-Kwon Kim (research scientist)
Vignesh Sukumar (research assistant)
Our approach, route-based distributed packet filtering, exploits the fact that routing (e.g., BGP in inter-domain routing) constrains the paths that a packet inscribed with given source and destination addresses can take, and uses those constraints to discard spoofed IP packets whenever it is safe to do so. (Internet routing protocols themselves consult only the destination address.) Since a single autonomous system or router can only do so much, the key problem lies in understanding with what degree of coverage or deployment significant protective performance can be achieved.
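The idea can be shown on a toy network. The following is an added example, not code from the DPF tool kit: a filter site records, for each incoming link, which source addresses routing could ever place on that link, and drops everything else. The six-AS topology, the shortest-path routing, the rule that a filtering AS also checks packets it originates itself, and all function names are assumptions made for the illustration.

```python
from collections import deque
from itertools import permutations

# Constructed topology (not from the DPF distribution): ASes 1 and 2 are
# transit, 3 and 4 are stubs of AS 1, 5 and 6 are stubs of AS 2.
EDGES = [(1, 2), (1, 3), (1, 4), (2, 5), (2, 6)]
NODES = sorted({n for e in EDGES for n in e})
ADJ = {n: sorted(v if u == n else u for u, v in EDGES if n in (u, v)) for n in NODES}

def next_hops(dst):
    """Destination-based shortest-path routing: next hop toward dst per node."""
    hop, queue = {dst: None}, deque([dst])
    while queue:
        cur = queue.popleft()
        for nb in (n for n in ADJ[cur] if n not in hop):
            hop[nb] = cur
            queue.append(nb)
    return hop

NEXT = {d: next_hops(d) for d in NODES}

def route_links(src, dst):
    """Directed links (u, v) a packet from src to dst traverses."""
    path = [src]
    while path[-1] != dst:
        path.append(NEXT[dst][path[-1]])
    return list(zip(path, path[1:]))

def make_filters(filter_nodes):
    """Build per-link source tables; return delivered(origin, claimed_src, dst)."""
    allowed = {}  # link entering a filter node -> sources routing can put on it
    for s, t in permutations(NODES, 2):
        for u, v in route_links(s, t):
            if v in filter_nodes:
                allowed.setdefault((u, v), set()).add(s)
    def delivered(origin, claimed_src, dst):
        if origin in filter_nodes and claimed_src != origin:
            return False  # assumption: a filtering AS also checks its own senders
        return all(v not in filter_nodes or claimed_src in allowed[(u, v)]
                   for u, v in route_links(origin, dst))
    return delivered

def spoofable_triples(filter_nodes):  # (origin, forged source, target) that get through
    ok = make_filters(filter_nodes)
    return sum(ok(a, s, t) for a, s, t in permutations(NODES, 3))

def possible_origins(claimed_src, dst, filter_nodes):  # where a received packet may come from
    ok = make_filters(filter_nodes)
    return {a for a in NODES if a != dst and ok(a, claimed_src, dst)}
```

With no filters every forged (origin, source, target) combination is delivered; filtering at AS 1 alone removes most of them, and filtering at both transit ASes removes all of them on this topology. `possible_origins` shows the second effect: even when a forged packet arrives, the set of ASes it could have come from shrinks as filter sites are added.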
The Static DPF Simulator (v.1) is a software tool kit that allows performance evaluation of route-based distributed packet filtering (DPF) to be carried out on large network topologies. The tool has been used to perform benchmarking on measurement-based Internet autonomous system (AS) topologies, including NLANR, RIPE, CAIDA, OREGON+, and Mercator/ISI. The tool gives exact performance results (in this sense not a typical "simulator") with respect to proactive and reactive filtering performance aimed at preventing spoofed distributed denial-of-service (DDoS) attacks. The input specification includes network topology, selection of filter sites, filter type, and routing algorithm. The route tables and filter sites can be read in at initialization, which facilitates performance evaluation under different routing and filter selection criteria. The tool kit includes a number of scripts for data conversion, transit/stub AS classification, and performance metric calculation.
The Static DPF Simulator (v.1) is available at http://www.cs.purdue.edu/nsl/DPF.tar.gz (2.4 MB). The ./README and ./doc/dpf.ps files provide documentation on the usage and internal structure of the tool kit.
Update in progress