Today distributed denial of service (DDoS) attacks are a major problem for the availability of Internet services. Several schemes have been proposed for countering DDoS attacks directed at an Internet server, but they suffer from a range of problems: some are impractical, and others are not effective against these attacks. In this paper we propose a dynamic rate throttling technique that will greatly minimize the impact of an attack. The basic mechanism is to have monitoring, rate limiting and filtering routers at various levels of ISPs. The participating routers start their function after getting a signal from a server under attack. Our scheme is invoked only during attack times, and is able to mitigate attack traffic through dynamic filtering. The server tells edge routers to rate limit the traffic according to the share of traffic that is passing through each particular router. The proposed solution is an ISP-level solution that is practical enough to be implemented. We simulate the scheme in NS-2 on a Linux system. We use an Internet-type topology to test our scheme, and web traffic was generated to evaluate the effectiveness of the scheme. Our scheme shows good improvement over the static router throttling techniques proposed earlier. Hence we believe that the scheme proposed in this paper is a promising approach to prevent DDoS attacks.