Abstract
Network Denial-of-Service (N-DoS) attacks are one of the fastest growing types of attack on the Internet. This paper addresses the vulnerabilities in Internet protocols, as well as deficiencies in flowcontrol in the Internet, both of which contribute to the loss of resource availability when networks suffer N-DoS attacks. Furthermore, an AFFC (Anti-flooding Flow-Control) model is presented to defend against flooding N-DoS attacks. AFFC policies regulate unresponsive elastic traffic and aggressive best-effort traffic for specific flow classes. Experiments have demonstrated that the deployment of this model can thwart harmful flows and prevent congestion collapse by flooding N-DoS attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bellovin: ICMP Traceback Message, Internet Draft, March 2000
S. Blake, et al: An architecture for Differentiated Services, IETF RFC 2475, December 1998
Ho-Yen Chang, S. Felix Wu, C. Sargor, X.Wu: Towards Tracing Hidden Attacks on Untrusted IP Networks, NCSU, June 2000
Dave Dittrich: Source Code to mstream, a DDoS tool, Bugtraq mailinglist, 2000-05-01
Sally Floyd, Kevin Fall: Promoting the Use of End-to-End Congestion Control in the Internet, Networking, IEEE/ACM, Vol., 7, No.4, August 1999, P458–472
Sally Floyed, Van Jacobson: Random Early Detection Gateway for Congestion Avoidance, IEEE/ACM Transactions on Networking, August, 1993
Sally Floyd, Van Jacobson, Link-sharing and Resource Management Models for Packet Networks, IEEE/ACM Transactions on Networking, Vol. 3, No. 4, August 1995
Sally Floyd, Vern Paxon: Why We Don’t Know How To Simulate The Internet, http://www.aciri.org/floyd/papers.html, October 1999
Kevin Fall, Kannan Varadhan: ns Notes and Documentation, UCB/ LBL/USC/ISI/Xerox, http://www-mash.cs.berkeley.edu/ns, February 25, 2000
Lasse Huovinen, Jani Hursti: Denial of Service Attacks: Teardrop and Land, http://www.hut.fi/~lhuovine/hacker/dos.html, March 1998
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson: Practical Network Support for IP Traceback, http://www.cs.wachington.edu/homes/savage/traceback.hrml, February 2000
Kevin Thomas, Gregory J. Miller, Rick Wiler: Wide-Area Internet Traffic Patterns and Characteristics, IEEE Network, Vol11, No.6, Nov/Dec. 1997, P10–23
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ye, B. (2001). Defeating Denial-of-Service Attacks on the Internet. In: Qing, S., Okamoto, T., Zhou, J. (eds) Information and Communications Security. ICICS 2001. Lecture Notes in Computer Science, vol 2229. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45600-7_34
Download citation
DOI: https://doi.org/10.1007/3-540-45600-7_34
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42880-0
Online ISBN: 978-3-540-45600-1
eBook Packages: Springer Book Archive