Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
IJNSEC
2008
2008
Detecting and Preventing IP-spoofed Distributed DoS Attacks
In this paper, we explore mechanisms for defending against Distributed Denial of Service (DDoS) attacks, have become one of the major threats to the operation of the Internet today. We propose a novel scheme for detecting and preventing the most harmful and difficult to detect DDoS Attacks--those that use IP address spoofing to disguise the attack flow. Our scheme is based on a firewall that can distinguish the attack packets (containing spoofed source addresses) from the packets sent by legitimate users, and thus filters out most of the attack packets before they reach the victim. Unlike the other packet-marking based solutions, our scheme has a very low deployment cost; We estimate that an implementation of this scheme would require the cooperation of only about 20% of the Internet routers in the marking process. The scheme allows the firewall system to configure itself based on the normal traffic of a Web server, so that the occurrence of an attack can be quickly and precisely dete...
Real-time TrafficRelated Content
| Added | 12 Dec 2010 |
| Updated | 12 Dec 2010 |
| Type | Journal |
| Year | 2008 |
| Where | IJNSEC |
| Authors | Yao Chen, Shantanu Das, Pulak Dhar, Abdulmotaleb El-Saddik, Amiya Nayak |
Comments (0)
Researcher Info
|
