Next Article in Journal
Smart Health and Safety Equipment Monitoring System for Distributed Workplaces
Previous Article in Journal
Design and Implementation of SFCI: A Tool for Security Focused Continuous Integration
Open AccessArticle

IP Spoofing In and Out of the Public Cloud: From Policy to Practice

Department of Electrical Engineering & Computer Science, York University, Toronto, ON M3J 1P3, Canada
*
Author to whom correspondence should be addressed.
Computers 2019, 8(4), 81; https://doi.org/10.3390/computers8040081
Received: 28 August 2019 / Revised: 24 October 2019 / Accepted: 25 October 2019 / Published: 9 November 2019
In recent years, a trend that has been gaining particular popularity among cybercriminals is the use of public Cloud to orchestrate and launch distributed denial of service (DDoS) attacks. One of the suspected catalysts for this trend appears to be the increased tightening of regulations and controls against IP spoofing by world-wide Internet service providers (ISPs). Three main contributions of this paper are (1) For the first time in the research literature, we provide a comprehensive look at a number of possible attacks that involve the transmission of spoofed packets from or towards the virtual private servers hosted by a public Cloud provider. (2) We summarize the key findings of our research on the regulation of IP spoofing in the acceptable-use and term-of-service policies of 35 real-world Cloud providers. The findings reveal that in over 50% of cases, these policies make no explicit mention or prohibition of IP spoofing, thus failing to serve as a potential deterrent. (3) Finally, we describe the results of our experimental study on the actual practical feasibility of IP spoofing involving a select number of real-world Cloud providers. These results show that most of the tested public Cloud providers do a very good job of preventing (potential) hackers from using their virtual private servers to launch spoofed-IP campaigns on third-party targets. However, the same very own virtual private servers of these Cloud providers appear themselves vulnerable to a number of attacks that involve the use of spoofed IP packets and/or could be deployed as packet-reflectors in attacks on third party targets. We hope the paper serves as a call for awareness and action and motivates the public Cloud providers to deploy better techniques for detection and elimination of spoofed IP traffic. View Full-Text
Keywords: IP spoofing; network security; cloud computing; firewalls; computer crime IP spoofing; network security; cloud computing; firewalls; computer crime
Show Figures

Figure 1

MDPI and ACS Style

Vlajic, N.; Chowdhury, M.; Litoiu, M. IP Spoofing In and Out of the Public Cloud: From Policy to Practice. Computers 2019, 8, 81.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop