Keeping Denial-of-Service Attackers in the Dark.
19th International Symposium on Distributed Computing
(DISC 2005), Lecture Notes in Computer Science Volume 3724,
pages 18-32, September 2005.
Full version in IEEE Transactions on Dependable and
Secure Computing (TDSC) 4:3, July-September 2007.
We consider the problem of overcoming (Distributed) Denial of Service
(DoS) attacks by realistic adversaries that can eavesdrop on messages,
or parts thereof, but with some delay. We show a protocol that
mitigates DoS attacks by eavesdropping adversaries, using only
available, efficient packet filtering mechanisms based mainly on
(addresses and) port numbers. Our protocol avoids the use of fixed
ports, and instead performs 'pseudo-random port hopping'. We model
the underlying packet-filtering services and define measures for the
capabilities of the adversary and for the success rate of the
protocol. Using these, we analyze the proposed protocol, and show that
it provides effective DoS prevention for realistic attack and
Download DISC paper:
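
The idea in the abstract above, as an added sketch that is not taken from the paper: both endpoints derive the open port for each time slot from a shared key, and the packet filter accepts only the ports of the most recent slots, so a port learned by a delayed eavesdropper soon stops passing the filter. The HMAC-SHA256 construction, time-based slots, slot length, port range and all function names are assumptions made for illustration, not the protocol the paper defines.

```python
import hashlib
import hmac
import struct

# Assumed parameters for this sketch (not from the paper).
PORT_MIN, PORT_MAX = 1024, 65535
SLOT_SECONDS = 5
KEY = b"constructed-demo-key"  # constructed sample key shared by both endpoints

def slot_of(t: float) -> int:
    """Map a timestamp in seconds to a hopping slot index."""
    return int(t // SLOT_SECONDS)

def port_for_slot(key: bytes, slot: int) -> int:
    """Keyed PRF (HMAC-SHA256) of the slot index, reduced to the port range."""
    mac = hmac.new(key, struct.pack(">Q", slot), hashlib.sha256).digest()
    span = PORT_MAX - PORT_MIN + 1
    return PORT_MIN + int.from_bytes(mac[:8], "big") % span

def open_ports(key: bytes, now: float, window: int = 1) -> set:
    """Ports the filter lets through: current slot plus `window` earlier
    slots, which tolerates clock skew and packets still in flight."""
    s = slot_of(now)
    return {port_for_slot(key, i) for i in range(max(0, s - window), s + 1)}

def filter_accepts(key: bytes, now: float, dst_port: int) -> bool:
    """Port-based filter decision for a packet arriving at time `now`."""
    return dst_port in open_ports(key, now)

def stale_port_accept_rate(key: bytes, delay: float, trials: int = 2000) -> float:
    """Fraction of trials in which a port observed on the wire is still
    accepted `delay` seconds later (models an eavesdropper with delay)."""
    hits = 0
    for i in range(trials):
        sent_at = i * SLOT_SECONDS + 1.0
        observed = port_for_slot(key, slot_of(sent_at))
        if filter_accepts(key, sent_at + delay, observed):
            hits += 1
    return hits / trials

if __name__ == "__main__":
    for delay in (0.0, 6.0, 12.0):
        rate = stale_port_accept_rate(KEY, delay)
        print(f"delay={delay:>4}s  stale port still accepted: {rate:.3f}")
```

With these parameters a port observed less than one slot plus the acceptance window ago still passes, which is why the eavesdropper's delay relative to the hop interval is the quantity that matters.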
How to Build a Dam: Fighting Application-Level DoS Attacks.
In the International Conference on Dependable Systems and
Networks (DSN), Fast Abstracts Supplement, Yokohama,
Japan, June-July, 2005.
Download DSN Fast Abstract (position paper):
Last modified: Wed May 23 16:54:54 IDT 2007