Internet source address verification method based on synchronization and dynamic filtering in address domain

At the beginning of the design of the Internet architecture, it assumed that all network members were trusted, and did not fully consider the security threat brought by the untrusted network members. For a long time, routers only forward packets based on the destination IP address of the packet, and do not carry out any verification on the source IP address of the packet. The lack of packet level authenticity on the Internet results in the header being maliciously altered. A real source address verification mechanism with routing synchronization and dynamic filtering were proposed. This mechanism constructs the filter table based on the prefix-topology mapping synchronization, the problem of inconsistent state between the filter table and the route caused by routing asymmetry were solved, false positives and false negatives was avoided, and a low-overhead and low-latency source address verification of the IP address prefix level granularity in the address domain were realized.