ASIC/FPGA Design and Verification Outsource Services
IP TTL filter
Where to use it and why it is required.
IP TTL spoofed-packet block: design and verification, implemented in VHDL
I read recently that some Linux kernels have the ability to block spoofed packets. Some hackers attack servers by sending many packets, and they also put fake data in the offending packets. The arrival of multiple packets carrying a well-known source IP in the spoofed header causes many interrupts in the server; in the best case this results in degraded performance. Some kernels try to counter the attack with an IP TTL spoofed-packet block filter. I have decided to build such a filter in hardware, thereby offloading the kernel from this job.
The idea is to have two main states in the hardware machine, per incoming source IP, namely learning and check. In the learning state the hardware machine builds a table with an entry per incoming source IP, in which it averages the TTL values of that source's packets. Once a programmable number of TTL values for a given source IP have been studied, the hardware machine switches to check mode. During check mode, if a packet arrives and its TTL is outside an allowable range, a block-packet indication is set.
Such an implementation requires memory. With the way the design is implemented, any memory with an address width narrower than 32 bits can be used for IPv4.
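The learning/check machine and the narrow-address table described above, as an added behavioural reference model written here for illustration (it is not the author's VHDL and not part of this page). The learning count, the tolerance around the learned average, the 10-bit table index and the address-folding hash are all assumptions chosen for the model.

```python
from dataclasses import dataclass

# Constructed parameters; the page calls the learning count "programmable".
LEARN_COUNT = 4    # TTL samples studied per source IP before switching to check mode
TOLERANCE = 2      # allowable deviation from the learned average TTL (assumption)
INDEX_BITS = 10    # table address width: narrower than the 32-bit IPv4 address


def ip_to_int(dotted: str) -> int:
    """Convert a dotted-quad IPv4 string to its 32-bit integer value."""
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


@dataclass
class Entry:
    src_ip: int = 0         # full source address kept as a tag for the slot
    valid: bool = False
    checking: bool = False  # False = learning state, True = check state
    count: int = 0
    ttl_sum: int = 0        # running sum; average = ttl_sum // count


class TtlFilter:
    def __init__(self, learn_count=LEARN_COUNT, tolerance=TOLERANCE, index_bits=INDEX_BITS):
        self.learn_count, self.tolerance = learn_count, tolerance
        self.mask = (1 << index_bits) - 1
        self.table = [Entry() for _ in range(1 << index_bits)]

    def index(self, src_ip: int) -> int:
        """Fold the 32-bit address into the narrower table address (assumed hash)."""
        return (src_ip ^ (src_ip >> 16)) & self.mask

    def packet(self, src_ip: int, ttl: int) -> bool:
        """Process one packet; return True when the block indication is set."""
        e = self.table[self.index(src_ip)]
        if not e.valid or e.src_ip != src_ip:
            # unknown or colliding source: the slot is taken over and learning restarts
            e.src_ip, e.valid, e.checking, e.count, e.ttl_sum = src_ip, True, False, 0, 0
        if not e.checking:
            e.count += 1
            e.ttl_sum += ttl
            if e.count >= self.learn_count:
                e.checking = True   # enough samples studied: switch to check mode
            return False            # never block while learning
        # check mode: flag a TTL outside the allowable range around the learned average
        return abs(ttl - e.ttl_sum // e.count) > self.tolerance


if __name__ == "__main__":
    f = TtlFilter()
    src = ip_to_int("198.51.100.7")
    for ttl in (64, 63, 64, 63, 63, 128):   # constructed sample: last TTL looks spoofed
        print(ttl, "block" if f.packet(src, ttl) else "pass")
```

Because the table is narrower than the address space, two sources that fold to the same slot evict each other and restart learning, so the index width trades memory against how easily an entry's protection can be reset.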
For more details please send an e-mail and put "IP TTL filter" in the subject. Also please a description of the hardware machine.