From: Jenny Liu (jen@cs.washington.edu)
Date: Wed Dec 01 2004 - 08:06:01 PST
The authors of "Controlling High Bandwidth Aggregates in the Network"
present two main ideas for limiting the damage done by DoS attacks and
flash crowds. The ideas are based on the observation that the packets
involved in a DoS attack or a flash crowd will share certain properties
that can be used to identify and restrict packets with those properties
(aggregates). The first idea is local aggregate-based congestion
control, in which responsible aggregates are identified and rate-limited
(by being queued together separately from other traffic) at the
destination server. The second idea is pushback, which destination
servers can invoke when local aggregate-based congestion control is not
enough. In invoking pushback, destination servers ask upstream routers
carrying the aggregate traffic to rate limit that traffic. These
routers can then ask the same of their upstream routers if necessary.
The simulations presented show the value of these ideas. However, since
DoS attacks come from malicious adversaries, it seems likely that if
aggregate-based congestion control is deployed, it will merely up the
arms race between malicious attackers and destination servers.
Malicious adversaries will be able to get around ACC quite easily by
using enough different source or destination addresses for packets
involved in the attack that a single aggregate can't be found.
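An added illustration of the local aggregate-based congestion control the review summarizes (example code written for this page, not code from the paper or the reviewer): aggregates are identified by destination /24 prefix over a constructed packet trace, and only the dominant aggregate is queued through a token bucket while all other traffic passes untouched. The trace, the 50% byte-share threshold and the bucket parameters are assumed values chosen for the example.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed trace: (timestamp_ms, dst_ip, bytes). 80 packets of 1500 B,
# 10 ms apart, hammer hosts in 10.1.1.0/24 (150 kB/s offered); 20 small
# packets go to unrelated hosts in 192.0.2.0/24.
TRACE = [(i * 10, "10.1.1.%d" % (i % 5 + 1), 1500) for i in range(80)] + \
        [(i * 10, "192.0.2.%d" % (i % 7 + 1), 500) for i in range(20)]

def prefix24(ip):
    # Aggregate key: the destination /24 containing this address.
    return str(ip_network(ip + "/24", strict=False))

def identify_aggregates(trace, share=0.5):
    """Return /24 prefixes carrying more than `share` of total bytes, i.e.
    the high-bandwidth aggregates a congested router would single out."""
    by_prefix = defaultdict(int)
    for _, dst, size in trace:
        by_prefix[prefix24(dst)] += size
    total = sum(by_prefix.values())
    return sorted(p for p, b in by_prefix.items() if b > share * total)

def rate_limit(trace, aggregates, rate_bytes_per_ms, burst):
    """Token bucket applied only to packets whose destination prefix is in
    `aggregates`; everything else is forwarded without touching the bucket.
    Returns (aggregate_forwarded, aggregate_dropped, other_forwarded) bytes."""
    tokens, last = burst, None
    forwarded = dropped = other = 0
    for ts, dst, size in sorted(trace):
        if prefix24(dst) not in aggregates:
            other += size          # non-aggregate traffic is not limited
            continue
        if last is not None:
            # Refill the bucket for the time elapsed since the last aggregate packet.
            tokens = min(burst, tokens + (ts - last) * rate_bytes_per_ms)
        last = ts
        if tokens >= size:
            tokens -= size
            forwarded += size
        else:
            dropped += size        # bucket empty: aggregate packet is dropped
    return forwarded, dropped, other

if __name__ == "__main__":
    aggs = identify_aggregates(TRACE)
    print("aggregates:", aggs)                        # ['10.1.1.0/24']
    print(rate_limit(TRACE, set(aggs), 30, 3000))     # (25500, 94500, 10000)
```

With a 30 kB/s limit the aggregate is cut to about a fifth of its offered load while the 192.0.2.0/24 traffic is delivered in full, which is the separation the paper's ACC mechanism aims for before pushback is invoked.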
This archive was generated by hypermail 2.1.6 : Wed Dec 01 2004 - 08:06:09 PST