Defense against DDoS Attacks Using IP Address Spoofing
Distributed Denial of Service (DDoS) attacks are launched by a large number of compromised hosts to interrupt the services of legitimate users. It is most challenging to defend against such attacks because most attackers use source IP address spoofing to hide their identity, so the attack packets appear to the target server as if they came from a legitimate client. In this paper, a defense mechanism is presented that classifies packets as legitimate or attack using a cryptographic technique and filters the attack packets. Once the packets are classified, attack packets are dropped at the border router of the target network before reaching the victim. The mechanism is easy to implement and requires no restrictions on, or additional changes to, Internet routing protocols. The efficiency of the algorithm in identifying spoofed attack packets is evaluated by simulation experiments in NS3.