Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
TCP congestion control with a misbehaving receiver
ACM SIGCOMM Computer Communication Review
Efficient packet marking for large-scale IP traceback
Proceedings of the 9th ACM conference on Computer and communications security
IEEE/ACM Transactions on Networking (TON)
Defending Against Denial-of-Service Attacks with Puzzle Auctions
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Using client puzzles to protect TLS
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Portcullis: protecting connection setup from denial-of-capability attacks
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Proactive surge protection: a defense mechanism for bandwidth-based attacks
SS'08 Proceedings of the 17th conference on Security symposium
Scalable network-layer defense against internet bandwidth-flooding attacks
IEEE/ACM Transactions on Networking (TON)
Losing control of the internet: using the data plane to attack the control plane
Proceedings of the 17th ACM conference on Computer and communications security
LOT: A Defense Against IP Spoofing and Flooding Attacks
ACM Transactions on Information and System Security (TISSEC)
STRIDE: sanctuary trail -- refuge from internet DDoS entrapment
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
CoDef: collaborative defense against large-scale link-flooding attacks
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
| Hi-index | 0.00 |
Current Denial-of-Service (DoS) attacks are directed towards a specific victim. The research community has devised several countermeasures that protect the victim host against undesired traffic. We present Coremelt, a new attack mechanism, where attackers only send traffic between each other, and not towards a victim host. As a result, none of the attack traffic is unwanted. The Coremelt attack is powerful because among N attackers, there are O(N2) connections, which cause significant damage in the core of the network. We demonstrate the attack based on simulations within a real Internet topology using realistic attacker distributions and show that attackers can induce a significant amount of congestion.