A Reproducibility Study of "IP Spoofing Detection in Inter-Domain Traffic"

Abstract

IP spoofing enables reflection and amplification attacks, which cause major threats to the current Internet infrastructure. Detecting IP packets with incorrect source addresses would help to improve the situation. This is easy at the attacker's network, but very challenging at Internet eXchange Points (IXPs) or in transit networks. In this reproducibility study, we revisit the paper Detection, Classification, and Analysis of Inter-Domain Traffic with Spoofed Source IP Addresses published at ACM IMC 2017. Using data from a different IXP and from a different time, we were not able to reproduce the results. Unfortunately, our further analysis reveals structural problems of the state of the art methodology, which are not easy to overcome.