论文信息 - Defending Denial of Service: State Overload Attacks

Defending Denial of Service: State Overload Attacks

-----------------------------------------------------------------------ABSTRACT-----------------------------------------------------In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer. Several value-added services have been proposed for deployment in the Internet. IP multicast is an example of such a service. IP multicast[2] is a stateful service in that it requires routers to maintain State for forwarding multicast data toward receivers. This characteristic makes the service and its users vulnerable to denial-of-service (DoS) attacks. One type of attack aims to saturate the available buffer space for storing state information at the routers. A successful attack can prevent end systems from properly joining multicast groups. In this paper, we present a solution to state overload attacks;

V. Saravanan | S S Nagamuthu Krishnan | V. Saravanan | S. Krishnan

[1] Kevin C. Almeroth,et al. The evolution of multicast: from the MBone to interdomain multicast to Internet2 deployment , 2000, IEEE Netw..

[2] Anna R. Karlin,et al. Practical network support for IP traceback , 2000, SIGCOMM.

[3] Mark Handley,et al. Steps towards a DoS-resistant internet architecture , 2004, FDNA '04.

[4] David Meyer,et al. Network Working Group Protocol Independent Multicast -sparse Mode (pim-sm) Multicast Routing Security Issues and Enhancements 3.2.1. Sending Multicast to Empty Groups (data Flooding) ...7 3.2.2. Disturbing Existing Group by Sending to It , 2022 .

[5] David Thaler,et al. Protocol Independent Multicast-Sparse Mode (PIM-SM): Protocol Specification , 1997, RFC.

[6] Balachander Krishnamurthy,et al. On the use and performance of content distribution networks , 2001, IMW '01.

[7] Kamil Saraç,et al. Defending Network-Based Services Against Denial of Service Attacks , 2006, Proceedings of 15th International Conference on Computer Communications and Networks.

[8] Scott Shenker,et al. General Characterization Parameters for Integrated Service Network Elements , 1997, RFC.

[9] Christophe Diot,et al. Deployment issues for the IP multicast service and architecture , 2000, IEEE Netw..