Title :
NetBouncer: client-legitimacy-based high-performance DDoS filtering
Author :
Thomas, Roshan ; Mark, Brian ; Johnson, Tommy ; Croall, James
Author_Institution :
Network Associates Labs., Network Associates, Inc, Herndon, VA, USA
Abstract :
We describe "NetBouncer", an approach and set of technologies for providing practical and high-performance defenses against distributed denial-of-service (DDoS) attacks. The central innovation in the NetBouncer approach to filtering and mitigating DDoS attacks is the ability to distinguish legitimate traffic from illegitimate traffic so as to enable the discarding of only illegitimate traffic. In particular, this allows a NetBouncer-enabled network to distinguish DDoS congestion from flash crowd congestion situations. This provides a unique advantage over other DDoS mitigation techniques such as those based on filtering and congestion control where some loss of legitimate traffic is inevitable. The NetBouncer approach is characterized as an end-point-based solution to DDoS protection. It provides localized protection at potential choke points or bottlenecks that may exist in front of hosts and servers. NetBouncer attempts to block traffic as close to the victim as possible, while upstream of the nearest bottleneck. The immediate manifestation of NetBouncer technology is as a high-speed packet processing in-line appliance based on network processor technology. However, the long-term evolution, adoption and integration of NetBouncer technology may be in the back-plane/fast path of commercial high-speed routers.
Keywords :
computer networks; security of data; telecommunication security; telecommunication traffic; NetBouncer; bottlenecks; choke points; congestion control; distributed denial of service attack filtering; distributed denial of service attack mitigation; end-point-based solution; high-speed packet processing in-line appliance; high-speed routers; hosts; legitimate traffic; localized protection; network processor technology; servers; Communication system traffic control; Computer crime; Filtering; Home appliances; Inductors; Isolation technology; Laboratories; Network servers; Protection; Testing;
Conference_Title :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194869