Abstract
In this paper, we present a scheme that protects legitimate traffic from the large volume of attackers packets during a DDoS attack. Legitimate packets can be recognized by the tokens they carry in the IP header. Obtaining a token does not require protocol additions or changes, rather it is automatically obtained when a TCP connection is established. We believe that the Implicit Token Scheme (ITS) has numerous advantages: (1) It is totally transparent to clients. (2) No new protocols or modification of existing ones is needed to implement ITS. (3) Operations required by intermediate routers are computationally not more intensive than a couple of addition operations which could be easily done at wire-speed. (4) Does not lead to false positives. (5) Can sustain server availability even during attacks involving hundreds of thousands of attackers. Copyright 2006 ACM.
Author supplied keywords
Cite
CITATION STYLE
Farhat, H. (2006). Protecting TCP services from denial of service attacks. In Proceedings of the 2006 SIGCOMM Workshop on Large-scale Attack Defense, LSAD’06 (Vol. 2006, pp. 155–160). Association for Computing Machinery (ACM). https://doi.org/10.1145/1162666.1162674
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
