
CCS 2003, ACM

DoS protection for UDP-based protocols

Since IP packet reassembly requires resources, a denial of service attack can be mounted by swamping a receiver with IP fragments. In this paper we argue how this attack need not affect protocols that do not rely on IP fragmentation, and argue how most protocols, e.g., those that run on top of TCP, can avoid the need for fragmentation. However, protocols such as IPsec’s IKE protocol, which both runs on top of UDP and requires sending large packets, depend on IP packet reassembly. Photuris, an early proposal for IKE, introduced the concept of a stateless cookie, intended for DoS protection. However, the stateless cookie mechanism cannot protect against a DoS attack unless the receiver can successfully receive the cookie, which it will not be able to do if reassembly resources are exhausted. Thus, without additional design and/or implementation defenses, an attacker can successfully, through a fragmentation attack, prevent legitimate IKE handshakes from completing. Defense against thi...
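The following is an added simulation, not code from the paper, that models the two mechanisms the abstract puts in tension: a Photuris-style stateless cookie (an HMAC over the peer's address, so the responder stores no per-peer state) and a receiver whose IP reassembly table has a fixed number of slots. An attacker sends first fragments of datagrams it never completes, pinning every slot; a legitimate peer whose cookie-bearing message needs fragmentation is then dropped before the cookie can be checked, while the same peer sending a message that fits in one datagram is unaffected. The addresses, MTU, slot count and message sizes are constructed for the example.

```python
"""Added example (not from the paper): stateless cookie versus a bounded
IP-reassembly table under a fragment flood. All constants are constructed."""
import hashlib
import hmac
import os

SERVER_SECRET = os.urandom(32)   # constructed; a real responder rotates this
MTU = 1500                       # constructed: bytes carried per fragment
REASSEMBLY_SLOTS = 64            # constructed: in-progress datagrams the receiver can hold


def make_cookie(src_ip: str, src_port: int, secret: bytes = SERVER_SECRET) -> bytes:
    """Stateless cookie: HMAC over the peer's address under a server secret.
    The server keeps no state; it can recompute and compare on return."""
    return hmac.new(secret, f"{src_ip}:{src_port}".encode(), hashlib.sha256).digest()[:16]


def check_cookie(src_ip: str, src_port: int, cookie: bytes, secret: bytes = SERVER_SECRET) -> bool:
    return hmac.compare_digest(make_cookie(src_ip, src_port, secret), cookie)


class Reassembler:
    """Reassembly table with a fixed slot count. Each in-progress fragmented
    datagram (keyed by source and IP id) occupies a slot until complete; a new
    fragmented datagram is dropped when no slot is free. Unfragmented datagrams
    never touch the table, which is the point the abstract makes."""

    def __init__(self, slots: int = REASSEMBLY_SLOTS):
        self.slots = slots
        self.table = {}          # (src, ip_id) -> {fragment index: payload}
        self.dropped = 0

    def receive(self, src, ip_id: int, index: int, total: int, payload: bytes):
        if total == 1:
            return payload       # no reassembly resources needed
        key = (src, ip_id)
        if key not in self.table:
            if len(self.table) >= self.slots:
                self.dropped += 1
                return None      # reassembly resources exhausted
            self.table[key] = {}
        parts = self.table[key]
        parts[index] = payload
        if len(parts) == total:
            del self.table[key]
            return b"".join(parts[i] for i in range(total))
        return None


def fragment(payload: bytes, mtu: int = MTU):
    """Split a datagram into (index, total, chunk) fragments of at most mtu bytes."""
    chunks = [payload[i:i + mtu] for i in range(0, len(payload), mtu)] or [b""]
    return [(i, len(chunks), c) for i, c in enumerate(chunks)]


def send_datagram(reasm: Reassembler, src, ip_id: int, payload: bytes):
    result = None
    for index, total, chunk in fragment(payload):
        got = reasm.receive(src, ip_id, index, total, chunk)
        if got is not None:
            result = got
    return result


def run_exchange(payload_size: int, attacker_fragments: int) -> bool:
    """True if a legitimate peer's cookie-bearing message of payload_size bytes is
    reassembled and its cookie verifies after an attacker has sent
    attacker_fragments first fragments of datagrams it never completes."""
    reasm = Reassembler()
    attacker = ("203.0.113.9", 500)                    # constructed attacker address
    for ip_id in range(attacker_fragments):
        reasm.receive(attacker, ip_id, 0, 2, b"\x00" * MTU)   # fragment 1 of 2, never completed
    client = ("198.51.100.7", 500)                     # constructed legitimate peer
    cookie = make_cookie(*client)
    body = cookie + os.urandom(max(0, payload_size - len(cookie)))
    msg = send_datagram(reasm, client, 4242, body)
    return msg is not None and check_cookie(*client, msg[:16])


if __name__ == "__main__":
    print("large, fragmented message under flood:", run_exchange(4000, 100))  # False
    print("small, single-datagram message under flood:", run_exchange(200, 100))  # True
    print("large message, no attacker:", run_exchange(4000, 0))  # True
```

The cookie check never runs in the flooded, fragmented case because the receiver drops the first fragment of the legitimate datagram on arrival, which is the failure the abstract describes. The single-datagram case survives only because `total == 1` bypasses the table; that matches the abstract's observation about protocols that do not rely on fragmentation, and is not a claim about the specific defenses the paper goes on to propose.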
Charlie Kaufman, Radia J. Perlman, Bill Sommerfeld
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where CCS
Authors Charlie Kaufman, Radia J. Perlman, Bill Sommerfeld