Sciweavers

SRDS
2008
IEEE

An Empirical Study of Denial of Service Mitigation Techniques

14 years 6 months ago
An Empirical Study of Denial of Service Mitigation Techniques
We present an empirical study of the resistance of several protocols to denial of service (DoS) attacks on client-server communication. We show that protocols that use authentication alone, e.g., IPSec, provide protection to some extent, but are still susceptible to DoS attacks, even when the network is not congested. In contrast, a protocol that uses a changing filtering identifier (FI) is usually immune to DoS attacks, as long as the network itself is not congested. This approach is called FI hopping. We build and experiment with two prototype implementations of FI hopping. One implementation is a modification of IPSec in a Linux kernel, and a second implementation comes as an NDIS hook driver on a Windows machine. We present results of experiments in which client-server communication is subject to a DoS-attack. Our measurements illustrate that FI hopping withstands severe DoS attacks without hampering the client-server communication. Moreover, our implementations show that FI ho...
Gal Badishi, Amir Herzberg, Idit Keidar, Oleg Roma
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where SRDS
Authors Gal Badishi, Amir Herzberg, Idit Keidar, Oleg Romanov, Avital Yachin
Comments (0)