Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
ACM Transactions on Computer Systems (TOCS)
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Steps towards a DoS-resistant internet architecture
Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
An edge-to-edge filtering architecture against DoS
ACM SIGCOMM Computer Communication Review
Cookies along trust-boundaries (CAT): accurate and deployable flood protection
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Passport: secure and adoptable source authentication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Scalable network-layer defense against internet bandwidth-flooding attacks
IEEE/ACM Transactions on Networking (TON)
Proactive surge protection: a defense mechanism for bandwidth-based attacks
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
Thorough defense against DoS attacks is extremely difficult without incurring significant changes to the Internet architecture. We present a series of changes aimed at establishing protection boundaries to reduce the effectiveness of most flooding DoS attacks against servers. Only minimal and local changes are required to current network architectures. We show that our scheme is highly beneficial even if deployed at a single ISP, with additional benefits arising from multiple-ISP deployment. Finally, we show that the changes can be implemented with off-the-shelf components.