Keeping Denial-of-Service Attackers in the Dark.
Authors: Gal Badishi, Amir Herzberg, and Idit Keidar.
In the
19th International Symposium on Distributed Computing
(DISC 2005), Lecture Notes in Computer Science Volume 3724,
pages 18-32, September 2005.
Full version to appear in IEEE Transactions on Dependable and
Secure Computing (TDSC).
Abstract:
We consider the problem of overcoming (Distributed) Denial of Service
(DoS) attacks by realistic adversaries that can eavesdrop on messages,
or parts thereof, but with some delay. We show a protocol that
mitigates DoS attacks by eavesdropping adversaries, using only
available, efficient packet filtering mechanisms based mainly on
(addresses and) port numbers. Our protocol avoids the use of fixed
ports, and instead performs 'pseudo-random port hopping'. We model
the underlying packet-filtering services and define measures for the
capabilities of the adversary and for the success rate of the
protocol. Using these, we analyze the proposed protocol, and show that
it provides effective DoS prevention for realistic attack and
deployment scenarios.
Position paper:
How to Build a Dam: Fighting Application-Level DoS Attacks.
In the International Conference on Dependable Systems and
Networks (DSN), Fast Abstracts Supplement, Yokohama,
Japan, June-July, 2005.
Download DSN Fast Abstract (position paper): ps, ps.gz, pdf, pdf.gz.
Last modified: Wed May 23 16:54:54 IDT 2007