Redirigiendo al acceso original de articulo en 17 segundos...
Inicio  /  Computers  /  Vol: 8 Par: 4 (2019)  /  Artículo
ARTÍCULO
TITULO

IP Spoofing In and Out of the Public Cloud: From Policy to Practice

Natalija Vlajic    
Mashruf Chowdhury and Marin Litoiu    

Resumen

In recent years, a trend that has been gaining particular popularity among cybercriminals is the use of public Cloud to orchestrate and launch distributed denial of service (DDoS) attacks. One of the suspected catalysts for this trend appears to be the increased tightening of regulations and controls against IP spoofing by world-wide Internet service providers (ISPs). Three main contributions of this paper are (1) For the first time in the research literature, we provide a comprehensive look at a number of possible attacks that involve the transmission of spoofed packets from or towards the virtual private servers hosted by a public Cloud provider. (2) We summarize the key findings of our research on the regulation of IP spoofing in the acceptable-use and term-of-service policies of 35 real-world Cloud providers. The findings reveal that in over 50% of cases, these policies make no explicit mention or prohibition of IP spoofing, thus failing to serve as a potential deterrent. (3) Finally, we describe the results of our experimental study on the actual practical feasibility of IP spoofing involving a select number of real-world Cloud providers. These results show that most of the tested public Cloud providers do a very good job of preventing (potential) hackers from using their virtual private servers to launch spoofed-IP campaigns on third-party targets. However, the same very own virtual private servers of these Cloud providers appear themselves vulnerable to a number of attacks that involve the use of spoofed IP packets and/or could be deployed as packet-reflectors in attacks on third party targets. We hope the paper serves as a call for awareness and action and motivates the public Cloud providers to deploy better techniques for detection and elimination of spoofed IP traffic.

 Artículos similares

       
 
Farid Lalem, Abdelkader Laouid, Mostefa Kara, Mohammed Al-Khalidi and Amna Eleyan    
Digital signature schemes are practical mechanisms for achieving message integrity, authenticity, and non-repudiation. Several asymmetric encryption techniques have been proposed in the literature, each with its proper limitations. RSA and El Gamal prove... ver más
Revista: Applied Sciences

 
Konstantinos Filippou, George Aifantis, George A. Papakostas and George E. Tsekouras    
In this paper, we built an automated machine learning (AutoML) pipeline for structure-based learning and hyperparameter optimization purposes. The pipeline consists of three main automated stages. The first carries out the collection and preprocessing of... ver más
Revista: Information

 
Markus Schwegler, Christoph Müller and Alexander Reiterer    
Integrated gradients is an explainable AI technique that aims to explain the relationship between a model?s predictions in terms of its features. Adapting this technique to point clouds and semantic segmentation models allows a class-wise attribution of ... ver más
Revista: Algorithms

 
Rajesh Natarajan, Gururaj Harinahallo Lokesh, Francesco Flammini, Anitha Premkumar, Vinoth Kumar Venkatesan and Shashi Kant Gupta    
Background: The Internet of Medical Things, often known as IoMT, is a revolutionary method of connecting medical equipment and the software that operates on it to the computer networks that are used in healthcare 5.0. The rapid development of smart medic... ver más
Revista: Infrastructures

 
Sangsu Choi, Kajoong Yoon, Miae Kim, Jintak Yoo, Bonghyeon Lee, Inho Song and Jungyub Woo    
Metaverse is a compound word of ?Meta? and ?Universe?, meaning a world that transcends reality, a new virtual world. Due to the COVID-19 pandemic, non-face-to-face further accelerated the activation of the Metaverse. The Metaverse has the attractiveness ... ver más
Revista: Applied Sciences