Title :
Defeating reflector based Denial-of-Service attacks using single packet filters
Author :
Sairam, Ashok Singh ; Subramaniam, Late Ashish ; Barua, Gautam
Author_Institution :
Dept. of Comput. Sci. & Eng., Indian Inst. of Technol., Patna, India
Abstract :
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are becoming increasingly sophisticated with few practical solutions available. In this paper we consider the issue of filtering reflector based DoS attacks and of identifying attackers. For reflector based attacks, a Signature Conflict Triggered Filtering (SCTF) scheme based on Deterministic Edge Router Marking (DERM) was proposed. We suggest an enhancement to make the 3-way handshake in SCTF stateless and call it Fast-SCTF. We then propose a framework using BGP for a single-packet handshake. We demonstrate that our proposed scheme is space efficient, more secure, robust and it requires very little cooperation among autonomous systems.
Keywords :
IP networks; computer network security; filtering theory; telecommunication network routing; 3-way handshake enhancement; DDoS attacks; DERM; IP packets; IP traceback problem; SCTF; autonomous systems; defeating reflector; deterministic edge router marking; distributed denial-of-service attacks; filtering reflector; signature conflict triggered filtering; single packet filters; single-packet handshake; Authentication; Computer crime; Filtering; IP networks; Image edge detection; Routing protocols;
Conference_Titel :
Communications and Networking in China (CHINACOM), 2010 5th International ICST Conference on
Conference_Location :
Beijing
Print_ISBN :
973-963-9799-97-4
