Open Access  Subscription or Fee Access

IP address spoofing refers to the creation of Internet Protocol packets with a forged source IP address, called spoofing, it is a method of attacking a network in order to gain unauthorized access. The distributed denial-of-service (DDoS) attack is a serious threat to the legitimate use of the Internet. The attack is based on the fact that Internet communication between distant computers is routinely handled by routers which find the best route by examining the destination address. The origination address is only used by the destination machine when it responds back to the source Internet Protocol security (IPsec) uses cryptographic security services to protect communications over Internet Protocol (IP) networks. In this paper we try to introduce the IP address encryption using cryptography (specially the Blowfish algorithm) to Prevent by the ability of attackers to forge or spoof the source addresses in IP packets; it will maintain the session time between source node and the destination node to communicate and provide more secure channel to send data packet.

Algorithm, Blowfish, DDoS, Forged, IP, IPsec, Network, Unauthorized Access, Spoofing, Threat.

Mrs. Mridu Sahu, Rainey C. Lal ― Controlling IP Spoofing through Packet Filtering‖IJCTA online International Journal.

Zhenhai Duan, Xin Yuan and Jaideep Chandrashekar, ―Controlling IP Spoong Through Inter-Domain Packet Filters‖ IEEE members

Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson ―Practical Network Support for IP Traceback‖ Department of Computer Science and Engineering University of Washington

Cheng Jin, Haining Wang and Kang G. Shin ―Hop-Count Filtering: An Effective Defense Against Spoofed Traffic‖

Kihong Park and Heejo Lee ―On the Effectiveness of RouteBased Packet Filtering for Distributed DoS Attack Prevention in PowerLaw Internets‖, Network Systems Lab; Department of Computer Sciences Purdue University West Lafayette.

Leila Fatmasari Rahman and Rui Zhou ― IP Address Spoofing‖, Albert-udwigs-Universität Freiburg, Institute for Computer Science

―SANS Institute InfoSec Reading Room‖ Copyright SANS Institute Author Retains.

ICANN/SSAC, .ICANN SSAC Advisory SAC008 DNS Distributed Denial of Service (DDoS) Attacks,. Mar. 2006.

S. Staniford-Chen and L. T. Heberlein. Holding Intruders Accountable on the Internet. Proc. of the 1995 IEEE Symposium on Security and Privacy, Oakland, CA, pages 39-49, May 1995

B. Schneier, Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish) Fast Software Encryption, Cambridge Security Workshop Proceedings, (December 1993), Springer-Verlag, 1994, pp. 191-204

―Information Security‖ Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Revised 19 May 2008 William C. Barker

―Guide to IPsec VPNs‖, by Sheila Frankel Karen Kent Ryan Lewkowski Angela D. Orebaugh Ronald W. Ritchey Steven R. Sharma , Special Publication 800-77

Cryptography, A. Antonov, F. Gounelas, J. Kauppila. June 13, 2006

Northcutt, Stephen, et al., Inside Network Perimeter Security (Second Edition), Sams, 2005.

Doraswamy, Naganand and Harkins, Dan, IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks (Second Edition), Prentice Hall PTR, 2003.

Detecting and Preventing Ip spoofed Attack by Hashed Encryption, Vimal Upadhyay (A.P St Margaret Engineering College Neemrana ) , Rajeev kumar (Pursuing M-Tech Arya College)