Keeping Denial-of-Service Attackers in the Dark

  • Gal Badishi
  • Amir Herzberg
  • Idit Keidar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3724)


We consider the problem of overcoming (Distributed) Denial of Service (DoS) attacks by realistic adversaries that can eavesdrop on messages, or parts thereof, but with some delay. We show a protocol that mitigates DoS attacks by eavesdropping adversaries, using only available, efficient packet filtering mechanisms based mainly on (addresses and) port numbers. Our protocol avoids the use of fixed ports, and instead performs ‘pseudo-random port hopping’. We model the underlying packet-filtering services and define measures for the capabilities of the adversary and for the success rate of the protocol. Using these, we analyze the proposed protocol, and show that it provides effective DoS prevention for realistic attack and deployment scenarios.


Message Authentication Code Port Number Attack Scenario Directed Attack Delivery Probability 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Andersen, D.G.: Mayday: Distributed filtering for internet services. In: Proceedings of the 4th USENIX Symposium on Internet Technologies and Systems, USITS (2003)Google Scholar
  2. 2.
    Argyraki, K., Cheriton, D.R.: Active internet traffic filtering: Real-time response to denial-of-service attacks. In: Proceedings of the USENIX Annual Technical Conference (April 2005)Google Scholar
  3. 3.
    Atkinson, R.: Security architecture for the internet protocol. RFC 2401, IETF (1998)Google Scholar
  4. 4.
    Badishi, G., Herzberg, A., Keidar, I.: Keeping denial-of-service attackers in the dark. TR CCIT 541, Department of Electrical Engineering, Technion (July 2005)Google Scholar
  5. 5.
    Badishi, G., Keidar, I., Sasson, A.: Exposing and eliminating vulnerabilities to denial of service attacks in secure gossip-based multicast. In: The International Conference on Dependable Systems and Networks (DSN), June/July 2004, pp. 223–232 (2004)Google Scholar
  6. 6.
    Collins, M., Reiter, M.K.: An empirical analysis of target-resident dos filters. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy, May 2004, pp. 103–114 (2004)Google Scholar
  7. 7.
    CSI/FBI. Computer crime and security survey (2003)Google Scholar
  8. 8.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. Journal of the Association for Computing Machinery 33(4), 792–807 (1986)MathSciNetGoogle Scholar
  9. 9.
    Jin, C., Wang, H., Shin, K.G.: Hop-count filtering: an effective defense against spoofed DDoS traffic. In: Atluri, V., Liu, P. (eds.) Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS-03), October 27–30, pp. 30–41. ACM Press, New York (2003)CrossRefGoogle Scholar
  10. 10.
    Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: Characterization and implications for CDNs and web sites. In: Proceedings of the International World Wide Web Conference, May 2002, pp. 252–262. IEEE, Los Alamitos (2002)Google Scholar
  11. 11.
    Juniper Networks. The need for pervasive application-level attack protectionGoogle Scholar
  12. 12.
    Keromytis, A.D., Misra, V., Rubenstein, D.: Sos: An architecture for mitigating ddos attacks. Journal on Selected Areas in Communications 21(1), 176–188 (2004)CrossRefGoogle Scholar
  13. 13.
    Krishnamurthy, B., Wang, J.: On network-aware clustering of Web clients. In: Proceedings of the SIGCOMM (August 2000)Google Scholar
  14. 14.
    Mahajan, P., Bellovin, S.M., Floyd, S., Ioannidis, J., Paxson, V., Shenker, S.: Controlling high bandwidth aggregates in the network. Computer Communications Review 32(3), 62–73 (2002)CrossRefGoogle Scholar
  15. 15.
    Moore, D., Voelker, G., Savage, S.: Inferring Internet denial-of-service activity. In: Proceedings of the 10th USENIX Security Symposium, August 2001, pp. 9–22 (2001)Google Scholar
  16. 16.
    NetContinuum. Web application firewall: How netcontinuum stops the 21 classes of web application threatsGoogle Scholar
  17. 17.
    P-Cube. DoS protectionGoogle Scholar
  18. 18.
    P-Cube. Minimizing the effects of DoS attacksGoogle Scholar
  19. 19.
    Riverhead Networks. Defeating DDoS attacksGoogle Scholar
  20. 20.
    Schwartz, S.M.: Frequency hopping spread spectrum (fhss)Google Scholar
  21. 21.
    Yaar, A., Perrig, A., Song, D.: Pi: A path identification mechanism to defend against DDoS attacks. In: IEEE Symposium on Security and Privacy (May 2003)Google Scholar
  22. 22.
    Yaar, A., Perrig, A., Song, D.: An endhost capability mechanism to mitigate DDoS flooding attacks. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Gal Badishi
    • 1
  • Amir Herzberg
    • 2
  • Idit Keidar
    • 1
  1. 1.The Technion Department of Electrical Engineering 
  2. 2.Department of Computer ScienceBar Ilan University 

Personalised recommendations