Packet floods targeting a victim's incoming bandwidth are notoriously difficult to defend against. While a number of solutions have been proposed, such as network capabilities, third-party traffic scrubbing, and overlay-based protection, most suffer from drawbacks that limit their applicability in practice. We propose CAT, a new network-based flood protection scheme. In CAT, all flows must perform a three-way handshake with an in-network element to obtain permission to send data. The three-way handshake dissuades source spoofing and establishes a unique handle for the flow, which can then be used for revocation by the receiver. CAT offers the protection qualities of network capabilities, and yet does not require major architectural changes.