Methods, systems and computer program products for detecting a spoofed source address in IP datagrams
First Claim
1. A method of determining if a packet has a spoofed source Internet Protocol (IP) address, comprising:
- evaluating a source media access control (MAC) address of the packet and the source IP address to determine if the source IP address of the packet has been bound to the source MAC address at a source device of the packet; and
determining that the source IP address of the packet is spoofed if the source IP address is not bound to the source MAC address.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems and computer program products are provided for determining if a packet has a spoofed source Internet Protocol (IP) address. A source media access control (MAC) address of the packet and the source IP address are evaluated to determine if the source IP address of the packet has been bound to the source MAC address at a source device of the packet. The packet is determined to have a spoofed source IP address if the evaluation indicates that the source IP address is not bound to the source MAC address. Such an evaluation may be made for packets having a subnet of the source IP address which matches a subnet from which the packet originated.
-
Citations
46 Claims
-
1. A method of determining if a packet has a spoofed source Internet Protocol (IP) address, comprising:
-
evaluating a source media access control (MAC) address of the packet and the source IP address to determine if the source IP address of the packet has been bound to the source MAC address at a source device of the packet; and
determining that the source IP address of the packet is spoofed if the source IP address is not bound to the source MAC address. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A method of doing business, comprising:
-
monitoring packets to determine if a source IP address of the packet is bound to a source MAC address of the packet at a source device of the packet so as to determine if the source IP address of the packet has been spoofed; and
identifying packets having a spoofed source IP address so as to allow corrective action to be taken to reduce network degradation as a result of a denial of service attack utilizing spoofed source IP addresses. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
-
-
40. A system for determining if a packet has a spoofed source Internet Protocol (IP) address, comprising:
-
means for evaluating a source media access control (MAC) address of the packet and the source IP address to determine if the source IP address of the packet has been bound to the source MAC address at a source device of the packet; and
means for determining that the source IP address of the packet is spoofed if the source IP address is not bound to the source MAC address. - View Dependent Claims (41, 42, 43)
-
-
44. A system, comprising:
-
means for monitoring packets to determine if a source IP address of the packet is bound to a source MAC address of the packet at a source device of the packet so as to determine if the source IP address of the packet has been spoofed; and
means for identifying packets having a spoofed source IP address so as to allow corrective action to be taken to reduce network degradation as a result of a denial of service attack utilizing spoofed source IP addresses.
-
-
45. A computer program product for determining if a packet has a spoofed source Internet Protocol (IP) address, comprising:
-
a computer readable media having computer readable program code embodied therein, the computer readable program code comprising;
computer readable program code that evaluates a source media access control (MAC) address of the packet and the source IP address to determine if the source IP address of the packet has been bound to the source MAC address at a source device of the packet; and
computer readable program code that determines that the source IP address of the packet is spoofed if the source IP address is not bound to the source MAC address.
-
-
46. A computer program product, comprising:
-
a computer readable media having computer readable program code embodied therein, the computer readable program code comprising;
computer readable program code that monitors packets to determine if a source IP address of the packet is bound to a source MAC address of the packet at a source device of the packet so as to determine if the source IP address of the packet has been spoofed; and
computer readable program code that identifies packets having a spoofed source IP address so as to allow corrective action to be taken to reduce network degradation as a result of a denial of service attack utilizing spoofed source IP addresses.
-
Specification