K. Park, and H. Lee. A Proactive Approach to Distributed DoS Attack Prevention Using Route-based Packet Filtering. In SIGCOMM, 2001.
....ingress filters, egress filters [13] reside at the exit points of a network domain and checks whether the source address of exiting packets belong to this domain. Aside from the placement issue, both ingress and egress filters have similar behavior. 2.3.2. Route based Filtering Park and Lee [18] propose route based distributed packet filtering, which rely on route information to filter out spoofed IP packets. For instance, suppose that A1 belongs to domain D1 and is attempting a DoS attack on V that belongs to domain D4. If A1 uses the spoofed address H5 that belongs to domain D5, the ....
....originated from domain D5 and destined to V should not travel through domain D1. Then, the filter at D1 will discard the packet. Route based filters do not use store individual host addresses for filtering, rather, they use the topology information of Autonomous Systems (ASes). The authors of [18] show that with partial deployment of route based filters, about 20 in the Internet AS topologies, it is possible to achieve a good filtering effect that prevents spoofed IP flows reaching other ASes. These filters need to build route information by consulting BGP routers of different ASes. Since ....
[Article contains additional citation context not shown here]
K. Park and H. Lee. A proactive approach to distributed DoS attack prevention using route-based packet filtering. In Proc. ACM SIGCOMM, San Diego, CA, Aug. 2001.
....to provide both amplification and tracing protection to the attacker. It turns out that, with the current Internet infrastructure, such attacks are almost impossible to prevent. Proposals that would allow hosts being flooded to tell their upstream routers to filter packets for them exist [5 7]. However, without clever security infrastructures and authentication frameworks for these filtering requests, such a system can be abused to provide even more sophisticated denial of service (DoS) attacks. Even just identifying the sources or intermediaries by tracing the traffic back towards ....
....As this decreases customer happiness and increases customer service calls, ISPs thus seem unlikely to implement ingress filtering in the near future. The next step is victim pushback, where a site that believes to be under attack can send back messages installing filters at upstream routers [5 7]. In addition to the arguments listed above, victims or routers can potentially be tricked into installing overzealous filters, which effectively amounts to having the victims mount a DoS attack against themselves. Mankins et al. [18] instead try to discourage DoS attacks by charging for traffic ....
Kihong Park and Heejo Lee, "A proactive approach to distributed dos attack prevention using route-based distributed filtering," Tech. Rep. CSD00 -017, Department of Computer Sciences, Purdue University, 2000.
....PPM does not scale well under distributed DoS (DDoS) attacks in the sense that the more hosts an attacker is able to compromise and use as a distributed attack site, the greater the effort needed (approximately proportional) to identify the attack sites. Route based distributed packet filtering [28] is a new approach which, in addition to matching the power of PPM, solves its weaknesses including the need to have a marking field. III. PROBABILISTIC PACKET MARKING AND TRACEBACK A. Network Model The network is given as a directed graph G = (V, E) where V is the set of nodes and E is the set ....
K. Park and H. Lee, "A proactive approach to distributed DoS attack prevention using route-based distributed filtering," Tech. Rep. CSD-00-017, Department of Computer Sciences, Purdue University, December 2000.
No context found.
Park, K. and Lee, H. (2000a). A proactive approach to distributed DoS attack prevention using route-based packet filtering. Technical Report CSD-TR-00-017, Dept. of Computer Sciences, Purdue University.