5th International ICST Conference on Communications and Networking in China

Research Article

Defeating reflector based Denial-of-Service attacks using single packet filters

  • @INPROCEEDINGS{10.4108/chinacom.2010.86,
        author={Ashok Singh Sairam and Late Ashish Subramaniam and Gautam Barua},
        title={Defeating reflector based Denial-of-Service attacks using single packet filters},
        proceedings={5th International ICST Conference on Communications and Networking in China},
        publisher={IEEE},
        proceedings_a={CHINACOM},
        year={2011},
        month={1},
        keywords={Authentication, Computer crime, Filtering, IP networks, Image edge detection, Routing protocols},
        doi={10.4108/chinacom.2010.86}
    }
    
Ashok Singh Sairam1,*, Late Ashish Subramaniam2, Gautam Barua2,*
  • 1: Dept. of Computer Science and Engineering, Indian Institute of Technology Patna
  • 2: Dept. of Computer Science and Engineering, Indian Institute of Technology Guwahati
*Contact email: ashok@iitp.ac.in, gb@iitg.ernet.in

Abstract

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are becoming increasingly sophisticated, with few practical solutions available. In this paper we consider the issue of filtering reflector-based DoS attacks and of identifying attackers. For reflector-based attacks, a Signature Conflict Triggered Filtering (SCTF) scheme based on Deterministic Edge Router Marking (DERM) was proposed. We suggest an enhancement to make the 3-way handshake in SCTF stateless and call it Fast-SCTF. We then propose a framework using BGP for a single-packet handshake. We demonstrate that our proposed scheme is space efficient, more secure, and robust, and that it requires very little cooperation among autonomous systems.