Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington."— Presentation transcript:

1 SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {lijun, sunshine, wangmq, reiher, lixia}@cs.ucla.edu

2 Our Approach  Provide information to the routers what is valid range of addresses for each incoming link  Filter out packets with source address not from valid range

3 Motivation  Eliminate IP spoofing  Enhance some other protocols: multicast, fair queuing

4 How is this different from ingress filtering? A C B from A

5 Why not augment routing protocol? A C B D F

6 A C B D F

7 Our Approach - More Detail  Every router is associated with range of addresses he “takes care of”  For every destination from his forwarding table router generates SAVE update  This update is forwarded to destination and state is stored in intermediate routers associating addresses from update with incoming link  Updates are generated periodically and whenever forwarding entry changes

8 Challenges  Security  Partial deployment  Overhead (memory, bandwidth)

9 For More Info... http://fmg-www.cs.ucla.edu/adas

10 Storage Cost - single domain

11 Storage Cost - multiple domains

12 Triggered BW Cost - multiple domains

13 Periodic BW Cost - single domain

14 Periodic BW Cost - multiple domains

Download ppt "SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington."

Similar presentations

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 4: Routing Concepts Routing Protocols.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 4: Routing Concepts Routing Protocols.
Dynamic Routing Overview 1.

Dynamic Routing Overview 1.
Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI

Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI
Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.

Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
1 Improving the Performance of Distributed Applications Using Active Networks Mohamed M. Hefeeda 4/28/1999.

1 Improving the Performance of Distributed Applications Using Active Networks Mohamed M. Hefeeda 4/28/1999.
1 Route Optimization based on ND-Proxy for Mobile Nodes in IPv6 Mobile Networks Jaehoon Jeong, Kyeongjin Lee, Jungsoo Park, Hyoungjun Kim ETRI

1 Route Optimization based on ND-Proxy for Mobile Nodes in IPv6 Mobile Networks Jaehoon Jeong, Kyeongjin Lee, Jungsoo Park, Hyoungjun Kim ETRI
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
Dec 6, 2007CS573: Network Protocols and Standards1 Transparent Bridging Network Protocols and Standards Winter 2007-2008.

Dec 6, 2007CS573: Network Protocols and Standards1 Transparent Bridging Network Protocols and Standards Winter
SAVE: Source Address Validity Enforcement Protocol Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA Computer Science Dept 10/04/2001.

SAVE: Source Address Validity Enforcement Protocol Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA Computer Science Dept 10/04/2001.
A Framework for Scalable Global IP-Anycast Sigcomm 2000, Dina Katabi Presented by Wei Yu.

A Framework for Scalable Global IP-Anycast Sigcomm 2000, Dina Katabi Presented by Wei Yu.
Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.

Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.
A a secure peering. RIB table dump by attributes in order to save space. References 1. RouteViews, 2. RIPE,

A a secure peering. RIB table dump by attributes in order to save space. References 1. RouteViews, 2. RIPE,
1 Hierarchical Distance-Vector Multicast Routing for MBone Presented by Nitin Deshpande Darpan Bhuva.

1 Hierarchical Distance-Vector Multicast Routing for MBone Presented by Nitin Deshpande Darpan Bhuva.
Ningning HuCarnegie Mellon University1 A Measurement Study of Internet Bottlenecks Ningning Hu (CMU) Joint work with Li Erran Li (Bell Lab) Zhuoqing Morley.

Ningning HuCarnegie Mellon University1 A Measurement Study of Internet Bottlenecks Ningning Hu (CMU) Joint work with Li Erran Li (Bell Lab) Zhuoqing Morley.
ROUTING PROTOCOL IGRP. REVIEW 4 Purpose of Router –determine best path to destination –pass the frames to the destination 4 Protocols –routed - used by.

ROUTING PROTOCOL IGRP. REVIEW 4 Purpose of Router –determine best path to destination –pass the frames to the destination 4 Protocols –routed - used by.
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Considering the Advantages of Using BGP.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Considering the Advantages of Using BGP.
Source Router Approach to DDoS Defense Jelena Mirković and Peter Reiher UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {sunshine,

Source Router Approach to DDoS Defense Jelena Mirković and Peter Reiher UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {sunshine,

Similar presentations

Ads by Google