Prevent IP Spoofing Based On Link State Database (pisl)

Document Type Withdrawn by Submitter Internet-Draft (individual)
Authors Jun Bi  , Baobao Zhang , Bingyang Liu  , Fred Baker 
Last updated 2012-07-11 (latest revision 2012-05-31)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Withdrawn by Submitter
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The Internet is suffering from severe DoS and DDoS attacks, and IP spoofing is one common used method to do DoS and DDoS attacks. IP spoofing refers to that attackers send packets with forged source IP addresses. In this memo, we propose one new approach of preventing IP spoofing, which we name PISL. The PISL-enabled router generates the incoming table for source addresses using link state database, which exists in two most widely used intra-domain protocols: OSPF and IS-IS. In this memo, we only describe PISL in the OSPF environment. The PISL-enabled router determines that a packet is spoofed if the packet arrives at an invalid incoming interface. PISL only uses the existing information and does not impose new control messages, so it is easy to be deployed. We have conducted simple simulation, which shows the high effectiveness of PISL: even if PISL is only deployed in 10% of all OSPF routers in a network, 80%~99% of spoofing cases in the network can be detected. Requirements


Jun Bi (
Baobao Zhang (
Bingyang Liu (
Fred Baker (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)