Keeping Denial-of-Service Attackers in the Dark

  • Conference paper
Distributed Computing (DISC 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3724)

Abstract

We consider the problem of overcoming (Distributed) Denial of Service (DoS) attacks by realistic adversaries that can eavesdrop on messages, or parts thereof, but with some delay. We show a protocol that mitigates DoS attacks by eavesdropping adversaries, using only available, efficient packet filtering mechanisms based mainly on (addresses and) port numbers. Our protocol avoids the use of fixed ports, and instead performs ‘pseudo-random port hopping’. We model the underlying packet-filtering services and define measures for the capabilities of the adversary and for the success rate of the protocol. Using these, we analyze the proposed protocol, and show that it provides effective DoS prevention for realistic attack and deployment scenarios.

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Badishi, G., Herzberg, A., Keidar, I. (2005). Keeping Denial-of-Service Attackers in the Dark. In: Fraigniaud, P. (eds) Distributed Computing. DISC 2005. Lecture Notes in Computer Science, vol 3724. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11561927_4

  • DOI: https://doi.org/10.1007/11561927_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29163-3

  • Online ISBN: 978-3-540-32075-3

  • eBook Packages: Computer Science, Computer Science (R0)
