Study by LACNIC on Anti-spoofing in the Region
By Graciela Martínez, Head of LACNIC CSIRT
A study on anti-spoofing conducted by LACNIC has identified weaknesses that need to be corrected for the proper implementation of good practices to mitigate IP spoofing in the networks of Latin American and Caribbean organizations.
IP spoofing refers to the creation of IP packets with a false source IP address for the purpose of impersonating another computer system. This technique makes it possible to launch various types of cyberattacks, which can cause great harm to Internet infrastructure.
The goal of this study was to improve the cybersecurity levels of the IP resources managed by LACNIC and to minimize the possible use of IP spoofing techniques to launch attacks on both Internet infrastructure and the networks of LACNIC member organizations.
One of the keys to dealing with IP spoofing is to raise awareness and increase the visibility of its potential negative consequences. This is why we at LACNIC offer these tools and studies so that the community can address the issue.
The work by LACNIC was based on data obtained from external sources and shows that the percentage of networks that are vulnerable to inbound IP spoofing (traffic entering a network) is less than 20%.
As the image shows, Brazil, Chile, French Guiana, Peru, Uruguay, and Suriname are the countries with the lowest percentage of networks vulnerable to inbound IP spoofing, while Guyana, Paraguay, and Venezuela have the highest.
Recommendations
The team at LACNIC analyzed the data and then implemented a series of actions to allow organizations to detect and mitigate this problem. The study details these recommendations.
As a preview: to deal with IP spoofing, we propose assessing the status of inbound traffic filtering (traffic entering a network from the Internet) and outbound traffic filtering (traffic that leaves a network towards the Internet) using the spoofer tool of the CAIDA Spoofer project.
The networks we tested show promising results with the correct implementation of the best practices associated with IP spoofing mitigation. However, a significant portion of the universe, the part that is not taking action with regard to this problem, is yet to be analyzed. Consequently, we believe it is important to conduct the tests and apply the recommended best practices.
The statistics have provided LACNIC CSIRT with information that will allow the team to work directly with member organizations and reduce the risk that the resources they have been assigned will be used for malicious purposes.
We hope this study will be the first step towards a significant increase in the networks that implement anti-spoofing techniques, and will therefore contribute to Internet security, stability, and resilience.