Summary cache: a scalable wide-area web cache sharing protocol
IEEE/ACM Transactions on Networking (TON)
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
An analysis of using reflectors for distributed denial-of-service attacks
ACM SIGCOMM Computer Communication Review
Steps towards a DoS-resistant internet architecture
Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture
Information Processing Letters
Less hashing, same performance: building a better bloom filter
ESA'06 Proceedings of the 14th conference on Annual European Symposium - Volume 14
A Fair Solution to DNS Amplification Attacks
WDFIA '07 Proceedings of the Second International Workshop on Digital Forensics and Incident Analysis
On the false-positive rate of Bloom filters
Information Processing Letters
Hi-index | 0.00 |
Nowadays the DNS protocol is under the attention of the security community for its lack of security and for the flaws found in the last few years. In the Internet scenario, the reflection/amplification is the most common and nasty attack that requires very powerful and expensive hardware to be protected from. In this paper we propose a robust countermeasure against this type of threats based on Bloom filters. The proposed method is fast and not too eager of resources, and has a very low error rate, blocking 99.9% of attack packets. The mechanism has been implemented within a project by Telecom Italia S.p.A., named jdshape, based on Juniper Networks® SDK.