ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Steps towards a DoS-resistant internet architecture
Full text PdfPdf (121 KB)
Source Applications, Technologies, Architectures, and Protocols for Computer Communication archive
Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture table of contents
Portland, Oregon, USA
SESSION: New architectures table of contents
Pages: 49 - 56  
Year of Publication: 2004
ISBN:1-58113-942-9
Authors
Mark Handley  University College London
Adam Greenhalgh  University College London
Sponsors
SIGCOMM: ACM Special Interest Group on Data Communication
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 13,   Downloads (12 Months): 88,   Citation Count: 9
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1016707.1016717
What is a DOI?

Warning: The download time has expired please click on the item to try again.


ABSTRACT

Defending against DoS attacks is extremely difficult; effective solutions probably require significant changes to the Internet architecture. We present a series of architectural changes aimed at preventing most flooding DoS attacks, and making the remaining attacks easier to defend against. The goal is to stimulate a debate on trade-offs between the flexibility needed for future Internet evolution and the need to be robust to attack.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
APNIC. Root server trial FAQ. http://www.apnic.net/info/faq/rootserver-faq.html.
 
2
T. Aura. Cryptographically Generated Addresses (CGA). draft-ietf-send-cga-05.txt, work-in-progress, IETF, Feb. 2004.
 
3
T. Bates, Y. Rekhter, R. Chandra, and D. Katz. Multiprotocol extensions for BGP-4. RFC 2858, June 2000.
 
4
S. Bhattacharyya (editor). An overview of source-specific multicast (SSM). RFC 3569, IETF, July 2003.
 
5
C. Castelluccia and G. Montenegro. Securing group management in IPv6 with CGA (Cryptographically Generated Addresses). presentation to the IRTF GSEC Research Group, February, 2002.
 
6
CERT Advisory CA-1998-01. Smurf IP denial-of-service attacks, Jan. 1998. http://www.cert.org/advisories/CA-1998-01.html.
 
7
S. Deering. Host extensions for IP multicasting. RFC 1112, IETF, Aug. 1989.
8
Wu-chang Feng, The case for TCP/IP puzzles, Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture, August 25-27, 2003, Karlsruhe, Germany
 
9
IAB, M. Handley (editor). Internet denial of service considerations. draft-iab-dos-00.txt, work-in-progress, IETF, Jan. 2004.
 
10
J. Ioannidis and S. M. Bellovin. Implementing pushback: Router-based defense against DDoS attacks. In Proc. Network and Distributed System Security Symposium, San Diego. ISOC, Reston, VA., February 2002.
 
11
E. Kohler, M. Handley, and S. Floyd. Datagram congestion control protocol (dccp). draft-ietf-dccp-spec-06.txt, work-in-progress, IETF, Feb. 2004.
 
12
K. Lakshminarayanan, D. Adkins, A. Perrig, and I. Stoica. Taming IP packet flooding attacks. In Proc. ACM SIGCOMM 2nd Workshop on Hot Topics in Networks, Nov. 2003.
13
Ratul Mahajan , Steven M. Bellovin , Sally Floyd , John Ioannidis , Vern Paxson , Scott Shenker, Controlling high bandwidth aggregates in the network, ACM SIGCOMM Computer Communication Review, v.32 n.3, p.62-73, July 2002  [doi>10.1145/571697.571724]
 
14
D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet quarantine: Requirements for containing self-propagating code, Apr. 2003.
 
15
R. Moskowitz, P. Nikander, and P. Jokela. Host Identity Protocol. draft-moskowitz-hip-09.txt, work-in-progress, IETF, Feb. 2004.
16
Vern Paxson, An analysis of using reflectors for distributed denial-of-service attacks, ACM SIGCOMM Computer Communication Review, v.31 n.3, July 2001  [doi>10.1145/505659.505664]
 
17
J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler. SIP: Session Initiation Protocol. RFC 3261, June 2002.
 
18
H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson. RTP: A Transport Protocol for Real-Time Applications. RFC 3550, IETF, July 2003.
 
19
D. W. Tom Anderson, Timothy Roscoe. Preventing internet denial-of-service with capabilities. In Proc. ACM SIGCOMM 2nd Workshop on Hot Topics in Networks, Nov. 2003.
 
20
N. Weaver, V. Paxson, S. Staniford, and R. Cunningham. Large scale malicious code: A research agenda. Darpa sponsored report. http://www.cs.berkeley.edu/~nweaver//large_scale_malicious_code.pdf.

CITED BY  9
Marc E. Fiuczynski, PlanetLab: overview, history, and future directions, ACM SIGOPS Operating Systems Review, v.40 n.1, January 2006
Sylvia Ratnasamy , Scott Shenker , Steven McCanne, Towards an evolvable internet architecture, ACM SIGCOMM Computer Communication Review, v.35 n.4, October 2005
Xiaowei Yang , David Wetherall , Thomas Anderson, A DoS-limiting network architecture, ACM SIGCOMM Computer Communication Review, v.35 n.4, October 2005
Christophe Jelger , Christian Tschudin, Dynamic names and private address maps: complete self-configuration for MANETs, Proceedings of the 2006 ACM CoNEXT conference, December 04-07, 2006, Lisboa, Portugal
Adam Greenhalgh , Mark Handley , Felipe Huici, Using routing and tunneling to combat DoS attacks, Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop, p.1-1, July 07, 2005, Cambridge, MA
Matthew Caesar , Tyson Condie , Jayanthkumar Kannan , Karthik Lakshminarayanan , Ion Stoica, ROFL: routing on flat labels, ACM SIGCOMM Computer Communication Review, v.36 n.4, October 2006
Teemu Koponen , Mohit Chawla , Byung-Gon Chun , Andrey Ermolinskiy , Kye Hyun Kim , Scott Shenker , Ion Stoica, A data-oriented (and beyond) network architecture, ACM SIGCOMM Computer Communication Review, v.37 n.4, October 2007
Karthik Lakshminarayanan , Daniel Adkins , Adrian Perrig , Ion Stoica, Securing user-controlled routing infrastructures, IEEE/ACM Transactions on Networking (TON), v.16 n.3, p.549-561, June 2008
Xiaowei Yang , David Wetherall , Thomas Anderson, TVA: a DoS-limiting network architecture, IEEE/ACM Transactions on Networking (TON), v.16 n.6, p.1267-1280, December 2008

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)


General Terms:
Design, Security


Keywords:
denial-of-service, internet, network architecture, security

Collaborative Colleagues:
Mark Handley: colleagues
Adam Greenhalgh: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player