See this document in CiteSeerX!

Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic (2003)  (Make Corrections)  (9 citations)
Cheng Jin, Haining Wang, Kang G. Shin
Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS)



  Home/Search   Context   Related

 
View or download:
umich.edu/~hxw/./pap...rogueip_ccs03.ps
Cached:  PS.gz  PS  PDF   Image  Update  Help

From:  umich.edu/~hxw/myreport (more)
Homepages:  H.Wang  

Rate this article: (best)
  Comment on this article  
(Enter summary)

Abstract: IP spoofing has been exploited by Distributed Denial of Service (DDoS) attacks to (1) conceal flooding sources and localities in flooding traffic, and (2) coax legitimate hosts into becoming reflectors, redirecting and amplifying flooding traffic. Thus, the ability to filter spoofed IP packets near victims is essential to their own protection as well as to their avoidance of becoming involuntary DoS reflectors. Although an attacker can forge any field in the IP header, he or she cannot falsify... (Update)

Cited by:   More
Keeping Denial-of-Service Attackers in the Dark - Badishi, Herzberg, Keidar (2005)   (Correct)
Adaptive Defense Against Various Network Attacks - Cliff Zou Nick   (Correct)
WebSOS: An Overlay-based System for Protecting Web .. - Stavrou, Cook.. (2005)   (Correct)

Similar documents (at the sentence level):
42.5%:   Hop-Count Filtering: An Effective Defense Against Spoofed.. - Jin, Wang, Shin (2003)   (Correct)

Active bibliography (related documents):   More   All
0.5:   Detecting Distributed Denial of Service Attacks Using.. - Peng, Leckie.. (2002)   (Correct)
0.3:   Subliminal Traceroute in TCP/IP - Daniels, Spafford (2000)   (Correct)
0.2:   Efficient Policy-Based Routing In The Internet - Smith (2003)   (Correct)

System load high. Please wait...
Timeout. Please try your query later.
Similar documents based on text:   More   All
0.2:   SIFF: A Stateless Internet Flow Filter to Mitigate DDoS.. - Yaar, Perrig, Song (2004)   (Correct)
0.2:   Perimeter-Based Defense against High Bandwidth DDoS Attacks - Chen, Song (2005)   (Correct)
0.2:   SYN-dog: Sniffing SYN Flooding Sources - Wang, Zhang, Shin (2002)   (Correct)

Related documents from co-citation:   More   All
8:   Pi: A Path Identification Mechanism to Defend against DDoS Attacks - Yaar, Perrig et al. - 2003
6:   the effectiveness of route-based packet filtering for distributed DoS attack pre.. - Park, Lee - 2001
6:   Inferring Internet Denial-of-Service Activity - Moore, Voelker et al. - 2001

BibTeX entry:   (Update)

C. Jin, H. Wang, and K. G. Shin. Hop-Count Filtering: An Effective Defense Against Spoofed DoS Traffic. In Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), pages 30--41, October 2003. http://citeseer.ist.psu.edu/jin03hopcount.html   More

@inproceedings{ jin03hopcount,
  author = "C. Jin and H. Wang and K. Shin",
  title = "Hop-Count Filtering: An Effective Defense Against Spoofed {DDoS} Traffic",
  booktitle = "Proceedings of the 10th ACM International Conference on Computer and
    Communications Security (CCS)",
  pages "30--41",
  month = oct,
  year = "2003",
  url = "citeseer.ist.psu.edu/jin03hopcount.html" }
Citations (may not include all citations):
301   End-to-end routing behavior in the internet - Paxson - 1997
224   Resource containers: A new facility for resource management .. - Banga, Druschel et al. - 1999
154   Network ingress filtering: Defeating denial of service attac.. (context) - Ferguson, Senie - 1998
148   Practical network support for IP traceback - Savage, Wetherall et al. - 2000
117   Measuring isp topologies with rocketfuel - Spring, Mahajan et al. - 2002
113   Inferring internet denial of service activity - Moore, Voelker et al. - 2001
98   Sos: Secure overlay services - Keromytis, Misra et al. - 2002
92   Controlling high bandwidth aggregates in the network - Mahajan, Bellovin et al. - 2002
90   Web server support for tiered services - Bhatti, Friedrich - 1999
70   Hash-based IP traceback - Snoren, Partridge et al. - 2001
69   Defending against denial of service attacks in Scout - Spatscheck, Peterson - 1999
64   Icmp traceback messages (context) - Bellovin - 2000
63   Advanced and authenticated marking schemes for IP traceback - Song, Perrig - 2001
57   Implementing pushback: Router-based defense against ddos att.. - Ioannidis, Bellovin - 2002
55   the effectiveness of route-based packet filtering for distri.. - Park, Lee - 2001
50   TCPIP Illustrated (context) - Stevens, Illustrated et al. - 1994
48   Centertrack: An IP overlay network for tracking DoS floods (context) - Stone - 2000
41   Experience with emerald to date - Neumann, Porras - 1999
36   Multops: a data-structure for bandwidth attack detection - Gil, Poletter - 2001
33   Denial-of-service attack rip the internet (context) - Garber - 2000
24   An analysis of using reflectors for distributed denial-of-se.. - Paxson - 2001
22   Mapping and visualizing the internet - Cheswick, Burch et al. - 2000
22   Detecting syn flooding attacks - Wang, Zhang et al. - 2002
22   Internet tomography (context) - Claffy, Monk et al. - 1999
21   Save: Source address validity enforcement protocol - Li, Mirkovic et al. - 2002
18   Pi: A path identification mechanism to defend against ddos a.. - Yaar, Perrig et al. - 2003
17   smurf IP denial-of-service attacks (context) - CA- - 1998
16   The osu flow-tools package and cisco netflow logs (context) - Fullmer, Romig - 2000
11   Analyzing distributed denial of service tools: The shaft cas.. (context) - Dietrich, Long et al. - 2000
11   Defensive programming: Using an annotation toolkit to build .. (context) - Qie, Pang et al. - 2002
9   Constrained mirror placement on the internet - Cronin, Jamin et al. - 2002
4   Heuristics for internet map discovery (context) - Govinda, Tangmunarunkit - 2000
4   bsd unix tcpip software (context) - weakness, bsd et al. - 1985
3   Distributed reflection denial of service (context) - Gibson - 2002
2   TCP SYN flooding and IP spoofing (context) - CA- - 2000
2   Practical approaches to dealing with ddos attacks (context) - Poletto - 2001
2   Available httpwww (context) - Enforcer, http et al. - 2002
2   Available: http://arbornetworks (context) - Inc, DoS - 2002
2   Available: http://secfr (context) - Education, Network et al. - 2002
1   Available: http://razor (context) - at, Despoof - 2000
1   Active measurement project (context) - for, Research - 1998
1   Detecting spoofed packets - Templeton, Levitt - 2003
http://staff.washington.edu/dittrich/misc/ddos/
http://nms.lcs.mit.edu/software/ron/



The graph only includes citing articles where the year of publication is known.

Documents on the same site (http://www.eecs.umich.edu/~hxw/myreport.htm):   More
Robust TCP Congestion Recovery - Wang, Shin   (Correct)
Refined Design of Random Early Detection Gateways - Wang, Shin (1999)   (Correct)
Layer-4 Service Differentiation and Resource Isolation - Wang, Shin (2002)   (Correct)

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC