Spoofer - Software Systems for Surveying Spoofing Susceptibility

Statement of Work

The proposed effort includes applied research, software development, new data analytics, systems integration, operations and maintenance, and an interactive analysis and reporting service. Tasks and deliverables for the entire project are separated into three periods:

Period I : Applied Research and Development
Period II : Development
Period III : Development and Technology Demonstration

Period I: Applied Research and Development (8 months, August 1, 2015 - March 31, 2016) - completed

Period II: Development (12 months, April 1, 2016 - March 31, 2017) - completed

Period III: Development and Technology Demonstration (16 months, April 1, 2017 - July 31, 2018)


Task 1: Refine client-server SAV testing technology and reports according to experiences and feedback, with continuing releases as necessary
1.1	Enhance reporting system to report properties of networks that have received spoofed packets
1.2	Share the reports privately with affected networks
1.3	Build traceroute-based software to identify networks forwarding spoofed packets
1.4	Support and develop our client-server testing technology based on continuing feedback from network operators, policy makers, and DHS
1.5	Incorporate new data into our reporting system
1.6	Produce focused reports for network operator groups
1.7	Explore additional measurement technologies and data sources suitable for adapting and integrating into a general-purpose network hygiene system (reputation blacklists, presence of possible DDoS amplification vectors: open resolvers, NTP servers, SNMP servers)
Task 2: Develop software client for deployment in resource-constrained open-source home routers
2.1	Build functionality to test SAV deployment of access providing networks on a weekly basis into OpenWrt, a Linux-based open-source router firmware
2.2	Optimize the client software for resource-constrained home-router environments by incorporating the most relevant features and utilizing libraries designed for embedded environments
2.3	Test software in the BISmark home router infrastructure to gain real-world experience before seeking broader deployment
2.4	Integrate a web-based SAV reporting engine into the existing web-based interface on OpenWrt routers

Milestones and Deliverables (Period III)

#	Milestone	Deliverable	Date	Status
1	Include information about clients receiving spoofed packets into the reporting system	Software: Updated reporting system	Aug 1, 2017	done
2	Release software identifying a lack of ingress filtering by providers	Tool to measure ISP SAV deployment	Dec 1, 2017	done
3		Report: status of spoofing remediation efforts	Apr 1, 2018
4	Release OpenWrt client software to test SAV best practices of access providers	Software: Client for home routers	Apr 1, 2018
5	Release updated client-server SAV testing software	Software: final release	Jun 1, 2018
6		Final report including SAV compliance trends and areas to focus on	Jul 31 2018

Acknowledgement of awarding agency's support

This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Homeland Security Advanced Research Projects Agency, Cyber Security Division (DHS S&T/HSARPA/CSD) BAA HSHQDC-14-R-B0005, and the Government of United Kingdom of Great Britain and Northern Ireland via contract number D15PC00188.

The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security, the U.S. Government, or the Government of United Kingdom of Great Britain and Northern Ireland.