Defending of IP Spoofing by Ingress Filter in Extended-Inter Domain Packet Key Marking System

The significance of the DDoS problem and the increased occurrence and strength of attacks has led to the dawn of numerous prevention mechanisms. IP spoofing is most frequently used in denial-of-service attacks. In such attacks, the goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to the attack packets. IP spoofing is one of the basic weaknesses in the Internet Protocol to launch the DDOS attack. Each prevention mechanism has some unique advantages and disadvantages over the others. The existing methods become ineffective due to a large number of filters required and they lack in information about where to place the filter. We propose Ingress filter in Extended Inter Domain Packet Key marking system .This paper comprises of two functional blocks namely, Key marking system and filtering blocks. In the marking block, each source is labeled with a key. The key is changed continuously for a certain period of time to provide secured system and is validated at border routers. In the filtering block, spoofed packets are filtered at the border router using Ingress filter to filter beyond periphery routers. The filter placement algorithm clearly put forwards the conditions under which the filter can operate accurately. The accuracy of the proposed systems is validated using Network Simulator (NS-2).