Is a block spoofed IP filter in hardware required?

IP TTL spoofed packet block in hardware

I read recently that some Linux kernels have the ability to block spoofed packets. Some hackers attack servers by sending many packets. They also put some fake data in the offending packets. The arrival of multiple packets, with a well-known source IP in the spoofed packet, causes many interrupts in the server. This, in the best case, results in degraded performance. Some kernels try to counter-attack with an IP TTL block spoofed filter. I have decided to build such a filter in hardware. It would try to do the job in hardware, therefore offloading the kernel from this job. The idea is to have two main states in the hardware machine, per each incoming IP, namely: learning and check. In the former, the hardware machine will build a table, per each incoming source IP, where it will average the TTL values of the packets. Once a programmable number of TTL values, for a given packet, have been studied, the hardware machine switches to check mode. During check mode, if a packet arrives and its TTL is outside an allowable range, a block packet indication is set. Such an implementation requires memory. With the way the design is implemented, any memory smaller than 32 bits addressable, for IPv4, can be used.

Is a block spoofed IP filter in hardware required? Please let me know what you think.

Reply to
pini_kr
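The learn/check state machine described in the post, written out as a software model so the behaviour can be traced packet by packet. This is an added example and not the poster's RTL or any kernel code; the table size, the direct-mapped hash, integer averaging and the tolerance window are assumptions chosen here, and the packets fed to it in main() are constructed. One caveat a practitioner would want: because the learning phase trusts whatever arrives first, an attacker who sends the first N packets for a source address gets to set the baseline, and a legitimate route change that shifts the real TTL will be blocked until the entry is evicted and relearned.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a per-source-IP TTL learn/check filter (added example, not the
 * poster's design). TABLE_SIZE, the hash and the averaging are assumptions
 * standing in for whatever RAM depth the hardware actually has. */
#define TABLE_SIZE 1024

enum entry_state { STATE_EMPTY = 0, STATE_LEARN = 1, STATE_CHECK = 2 };
enum verdict     { VERDICT_LEARNING = 0, VERDICT_PASS = 1, VERDICT_BLOCK = 2 };

struct ttl_entry {
    uint32_t src_ip;    /* IPv4 source address, host byte order */
    uint8_t  state;     /* STATE_EMPTY / STATE_LEARN / STATE_CHECK */
    uint8_t  count;     /* TTL samples seen while learning */
    uint8_t  avg_ttl;   /* learned average TTL, valid once in STATE_CHECK */
    uint32_t ttl_sum;   /* running sum of sampled TTLs while learning */
};

struct ttl_filter {
    struct ttl_entry table[TABLE_SIZE];
    uint8_t learn_packets;  /* programmable: samples before switching to check */
    uint8_t tolerance;      /* programmable: allowed |ttl - avg_ttl| in check mode */
};

void ttl_filter_init(struct ttl_filter *f, uint8_t learn_packets, uint8_t tolerance)
{
    memset(f, 0, sizeof *f);
    f->learn_packets = learn_packets ? learn_packets : 1;
    f->tolerance = tolerance;
}

/* Direct-mapped lookup, one slot per bucket, as a simple hardware table would be.
 * A different source colliding on the same bucket evicts the old entry and
 * restarts learning; a larger or set-associative table would reduce that. */
static struct ttl_entry *ttl_lookup(struct ttl_filter *f, uint32_t src_ip)
{
    uint32_t h = src_ip;
    h ^= h >> 16; h *= 0x45d9f3bu; h ^= h >> 16;     /* cheap integer mix */
    struct ttl_entry *e = &f->table[h % TABLE_SIZE];
    if (e->state == STATE_EMPTY || e->src_ip != src_ip) {
        memset(e, 0, sizeof *e);
        e->src_ip = src_ip;
        e->state = STATE_LEARN;
    }
    return e;
}

/* One packet through the state machine. Returns the block indication the
 * hardware would raise; LEARNING means the entry is still being trained. */
enum verdict ttl_filter_packet(struct ttl_filter *f, uint32_t src_ip, uint8_t ttl)
{
    struct ttl_entry *e = ttl_lookup(f, src_ip);
    if (e->state == STATE_LEARN) {
        e->ttl_sum += ttl;
        e->count++;
        if (e->count >= f->learn_packets) {
            e->avg_ttl = (uint8_t)(e->ttl_sum / e->count);  /* integer average */
            e->state = STATE_CHECK;
        }
        return VERDICT_LEARNING;
    }
    int diff = (int)ttl - (int)e->avg_ttl;
    if (diff < 0) diff = -diff;
    return diff <= f->tolerance ? VERDICT_PASS : VERDICT_BLOCK;
}

int main(void)
{
    static struct ttl_filter f;
    static const char *names[] = { "LEARNING", "PASS", "BLOCK" };
    /* Constructed traffic: four genuine packets from 10.0.0.1 with TTLs
     * around 63, then one genuine and one spoofed packet. */
    const uint32_t src = 0x0A000001u;
    const uint8_t ttls[] = { 64, 63, 64, 62, 61, 128 };
    ttl_filter_init(&f, 4, 3);
    for (size_t i = 0; i < sizeof ttls; i++)
        printf("src=10.0.0.1 ttl=%3u -> %s\n", ttls[i],
               names[ttl_filter_packet(&f, src, ttls[i])]);
    return 0;
}
```

With learn_packets=4 and tolerance=3 the entry for 10.0.0.1 settles on an average of 63; a later packet with TTL 61 passes and one with TTL 128 is blocked. Note that every state transition touches one table entry, which is what makes the design fit in block RAM, but also why the per-bucket eviction policy matters under a flood of random source addresses.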

Since this is comp.arch.fpga, it seems like adding an FPGA to the appropriate part of a network card could allow one to program the appropriate filtering.

That is, you don't have to know now what to do, but allow those using it to do it.

I am not so sure how hard it is to add FPGA-style logic to an ASIC. Seems like that would also be useful.

-- glen

Reply to
glen herrmannsfeldt
