Abstract
IP spoofing, sending IP packets with a false source IP address, continues to be a primary attack vector for large-scale Denial of Service attacks. To combat spoofing, various interventions have been tried to increase the adoption of source address validation (SAV) among network operators. How can SAV deployment be increased? In this work, we conduct the first randomized control trial to measure the effectiveness of various notification mechanisms on SAV deployment. We include new treatments using nudges and channels, previously untested in notification experiments. Our design reveals a painful reality that contrasts with earlier observational studies: none of the notification treatments significantly improved SAV deployment compared to the control group. We explore the reasons for these findings and report on a survey among operators to identify ways forward. A portion of the operators indicate that they do plan to deploy SAV and ask for better notification mechanisms, training, and support materials for SAV implementation.

Citation
Qasim Lone, Alisa Frik, Matthew Luckie, M Korczynski, Michel van Eeten, and Carlos Ganán. Deployment of Source Address Validation by Network Operators: A Randomized Control Trial. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland ’22), 2022.