

IP packet forwarding in the current Internet is mainly destination based. In the forwarding process, the source IP address is not checked in most cases. This causes serious security, management and accounting problems. Based on the drastically increased IPv6 address space, a “source address validation architecture” (SAVA) is proposed in this paper, which can guarantee that every packet received and forwarded holds an authenticated source IP address. The design goals of the architecture are lightweight, loose coupling, “multi-fence support” and incremental deployment. This paper discusses the design and implementation of the architecture, including inter-AS, intra-AS and local subnet. The performance and scalability of SAVA are described. This architecture is deployed into the CNGI-CERNET2 infrastructure, a large-scale native IPv6 backbone network of the China Next Generation Internet project. We believe that the SAVA will help the transition to a new, more secure and dependable Internet.
