NAT++: An Efficient Micro-NAT Architecture for Solving IP-Spoofing Attacks in a Corporate Network

Electronics ◽  
2020 ◽  
Vol 9 (9) ◽  
pp. 1510 ◽  
Author(s):  
Prakash Veeraraghavan ◽  
Dalal Hanna ◽  
Eric Pardede

The Internet Protocol (IP) version 4 (IPv4) has several known vulnerabilities. One of the important vulnerabilities is that the protocol does not validate the correctness of the source address carried in an IP packet. Users with malicious intentions may take advantage of this vulnerability and launch various attacks against a target host or a network. These attacks are popularly known as IP Address Spoofing attacks. One of the classical IP-spoofing attacks that cost several million dollars worldwide is the DNS-amplification attack. Currently, the available solutions are limited, proprietary, expensive, and require expertise. The Internet is subjected to several other forms of amplification attacks happening every day. Even though IP-Spoofing has been one of the well-researched areas since 2005, there is no holistic solution available to solve this problem from the grass roots. Also, every solution assumes that the attackers are always from outside networks. In this paper, we provide an efficient and scalable solution to solve the IP-Spoofing problem that arises from malicious or compromised inside hosts. We use a modified form of Network Address Translation (NAT) to build our solution framework. We call our framework NAT++. The proposed infrastructure is robust, crypto-free, and easy to implement. Our simulation results have shown that the proposed NAT++ infrastructure does not consume more than the resources required by a simple NAT.

2018 ◽  
Author(s):  
Juan Sebastian Mejia Vallejo ◽  
Daniel Lazkani Feferman ◽  
Christian Esteve Rothenberg

A short-term solution for the depletion of Internet Protocol (IP) addresses and scaling problems in network routing is the reuse of IP addresses by placing Network Address Translators (NAT) at the borders of stub domains. In this article, we propose an implementation of NAT using the Programming Protocol-Independent Packet Processors (P4) language, taking advantage of its features such as target-agnostic dataplane programmability. Through the MACSAD framework, we generate a software switch that achieves high performance with the support of different hardware (H/W) and software (S/W) platforms. The main contributions of this paper relate to the performance evaluation results of the NAT implementation using the P4 language with the MACSAD compiler.


Author(s):  
Afolayan A. Obiniyi ◽  
Ezugwu E. Absalom ◽  
Mohammed Dikko

With the explosion of the public Internet, corporate networks connected to the Internet, if not adequately secured, are vulnerable to damaging attacks. Hackers, viruses, worms, Trojan horses, and spyware try to invade privacy. This research examines how these threats affect the corporate network and ways to reduce them. MikroTik RouterOS was configured as the router to examine these threats. Network Address Translation and packet filtering were the key features configured to hide the network from unauthorized users and filter unwanted traffic that might reflect malicious acts. The configuration and test were carried out at Iya Abubakar Computer Center, Ahmadu Bello University, Zaria, Nigeria. At the onset, the targeted network was full of viruses, worms, Trojan horses, and spyware, and vulnerable to unauthorized users. The signal strength of the network was usually very poor due to the effect of the threats on the bandwidth. The firewall was configured to filter out inherently dangerous services, exposing the network to fewer risks. After the research, the performance and efficiency of the network were improved tremendously.


Author(s):  
Ei Ei Khaing ◽  
Mya Thet Khaing ◽  
Akari Myint Soe ◽  
Shwe Sin Myat Than

Nowadays, many people use the internet for their work, communication, education, economic and organizational needs. Network address translation (NAT) is a method of remapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. A network is a system of hardware and software, put together for the purpose of communication and resource sharing. A network includes transmission hardware devices to interconnect transmission media and to control transmissions, and software to decode and format data. The Internet protocol suite is the computer networking model and set of communications protocols used on the Internet and similar computer networks. Knowledge of how the internet is able to communicate with internet users is a mystery to some people. Internet communication needs the TCP/IP protocol, in which TCP means Transmission Control Protocol; TCP/IP, sometimes simply referred to as Internet Protocol, is the basic unit for communication on the internet. This can also be applied to private internets, like Ethernet and so on. Despite TCP and IP being used interchangeably, there is a slight difference between the two in relation to the roles they play: IP is directly responsible for obtaining internet addresses, and then it is the work of TCP to deliver the data obtained to the addresses achieved by IP. TCP/IP provides end-to-end connectivity specifying how data should be packetized, addressed, transmitted, routed and received at the destination. The aim of this paper is to describe the operation and models of the TCP/IP suite in data communication networks.


2014 ◽  
Vol 2014 ◽  
pp. 1-8 ◽  
Author(s):  
D. Shalini Punithavathani ◽  
Sheryl Radley

The IPv4-IPv6 transition poses numerous challenges to the world of the Internet as the Internet drifts from IPv4 to IPv6. The IETF recommends a few transition techniques, which include dual stack, translation, and tunneling. By means of tunneling IPv6 packets over IPv4 UDP, Teredo maintains IPv4/IPv6 dual stack nodes in isolated IPv4 networks behind network address translation (NAT). However, the proposed tunneling protocol works with the symmetric and asymmetric NATs. In order to make Teredo support several symmetric NATs along with several asymmetric NATs, we propose multifarious Sym Teredo (MTS), which is an extension of Teredo with the capability of navigating through several symmetric NATs. The work preserves the Teredo architecture and also offers backward compatibility with the original Teredo protocol.


2014 ◽  
Vol 687-691 ◽  
pp. 1912-1915
Author(s):  
Hong Cheng Tian ◽  
Hong Wang ◽  
Jin Kui Ma

IPv4 and IPv6 will coexist for a long time, due to ISPs' inertia in the transition from IPv4 to IPv6. The Domain Name System (DNS) is a very important functional unit in the Internet. This paper describes the hierarchy and operating process of IPv6 DNS and the IPv6 DNS resolver, and presents the DNS transition from IPv4 to IPv6 in particular. We suggest two methods to implement DNS service during the transition period: DNS-Application Level Gateway (DNS-ALG) with Network Address Translation-Protocol Translation (NAT-PT), and dual stacks. We also propose their respective operational principles. This paper is a valuable reference for network engineers constructing DNS in the transition phase.


Author(s):  
Narendhiran R, Pavithra K, Rakshana P, Sangeetha P

The Internet of things (IoT) is the network of devices, vehicles, and home appliances that contain electronics, software, actuators, and connectivity which allows these things to connect, interact and exchange data. IoT involves extending Internet connectivity beyond standard devices, such as desktops, laptops, smart phones and tablets, to any range of traditionally dumb or non-internet-enabled physical devices and everyday objects. Embedded with technology, these devices can communicate and interact over the Internet, and they can be remotely monitored and controlled. Traditionally, internet packet delivery depends only on the packet's destination IP address, and forwarding devices neglect validation of the packet's IP source address. This lets attackers leverage this flaw to launch attacks with forged IP source addresses so as to meet their violent purpose and avoid being tracked. In order to reduce this threat and enhance internet accountability, many solutions have been proposed in the inter-domain and intra-domain aspects. Furthermore, most of them face issues that are hard to cope with, i.e., data security, data privacy. And most importantly code cover PureVPN protocol for both inter and intra domain areas. The novel network architecture of SDN possesses whole network PureVPN protocol rule instead of traditional SDN switches, which brings a good opportunity to solve IP spoofing problems. However, use authentication based on key exchange between the machines on your network; something like IP Security protocol will significantly cut down on the risk of spoofing. This paper proposes an SDN-based PureVPN protocol architecture, which can cover both inter and intra domain areas with encrypted format effectively than SDN devices. The PureVPN protocol scheme is significant in improving the security and privacy in SDN for IoT.


2019 ◽  
Vol 10 (2) ◽  
pp. 83-96 ◽  
Author(s):  
Junaid Latief Shah ◽  
Heena Farooq Bhat ◽  
Asif Iqbal Khan

The Internet, since its genesis in 1970's, has already become a global broadcasting potential for information dissemination and a channel for information collaboration and an interface between disparate users and their systems, separated by large geographical locations. The rate of growth of interconnected devices has been on exponential scale from the last decade. As of now, more than 5 billion devices are accessing the Internet. The Internet Protocol Version 4 (IPv4) which is a three decade old standard internetworking protocol using 32-bit address, fails to cater such a large number of hosts. In February 2011, the Internet Assigned Numbers Authority (IANA), the nodal agency for IP address allocation exhausted the central pool of IPv4 addresses completely. This rapid depletion of IP addresses was inevitable as a large number of devices are getting connected to internet. Also, inefficient utilization and remiss planning of IP address space acted as catalyst in the process of depletion. NAT, CIDR and Subnetting only serve as short interim solutions provided by IPv4. Moreover, IPv4 fails to scale up and bridge the security enhancements required by the modern Internet today. The only feasible option lies in unabridged transition to IPv6. Internet Protocol Version 6 (IPv6) provides an address space of 2^128 i.e. trillions of addresses, making the IP address space potentially inexhaustible. Thus, adopting IPv6 makes a paragon choice of replacement for IPv4. This article reviews the next generation internet protocol IPv6 and explicates the discussion over the need for migrating to IPv6. The article also presents technical as well as non-technical challenges related to migration and presents overall statistics regarding IPv6 adoption around the world.


2018 ◽  
Vol 10 (2) ◽  
pp. 74-94 ◽  
Author(s):  
Jonathan McKeague ◽  
Kevin Curran

The Internet is built atop the Internet Protocol (IP) which has at its heart a unique identifier known as an IP address. Knowing the location of an IP address can be very useful in many situations such as for banks to know if a connection is in progress from online fraud hotspots. IP addresses can be spoofed allowing hackers to bypass geographical IP restrictions and thus render some category of fraud prevention useless. Anonymous proxies (AP) which act as intermediate relays which disguise the source IP addresses can play a large role in cybercrime. There is a need to ascertain whether an incoming IP connection is an original source matched IP address, or one being routed through an anonymising proxy. This article concentrates on various methods used by anonymising proxies, the characteristics of the anonymous proxies and the potential mechanisms available to detect if a proxy is in use.


2016 ◽  
Vol 1 (1) ◽  
pp. 51-58
Author(s):  
Juwanda Natali ◽  
Fajrillah Fajrillah ◽  
T.M. Diansyah

To build an interconnected Local Area Network (LAN), virtual Local Area Network (LAN) groups will be needed. A DHCP IP address is given by the router to each PC located in the network. NAT (Network Address Translation) is one method that is used as an IP translation to gain entrance into a different network. NAT can allow a host to go into different networks without allowing the intended host to tap into their networks. Using VLANs, two different networks can be connected to a single switch. Assigning IP addresses by DHCP allows the network administrator to provide IP addresses to PCs automatically from the router. An IP host is forwarded in a network with NAT.

