Sciweavers

ICCCN
2008
IEEE

Sentinel: Hardware-Accelerated Mitigation of Bot-Based DDoS Attacks

14 years 5 months ago
Sentinel: Hardware-Accelerated Mitigation of Bot-Based DDoS Attacks
—Effective defenses against DDoS attacks that deplete resources at the network and transport layers have been deployed commercially. Therefore, DDoS attacks increasingly use normallooking application-layer requests to waste server CPU or disk capacity. CAPTCHAs attempt to distinguish bots from human clients and are often used to avoid such attacks. However, CAPTCHAs themselves consume resources and frequently are defeated. Kill-Bots reduces CAPTCHA overhead by pushing client authentication into the kernel. However, Kill-Bots requires kernel modifications, which can be infeasible. We describe the design, implementation, and performance evaluation of Sentinel, a network device that overcomes several limitations in KillBots. Sentinel can be easily deployed as a bridge in front of server farms, modularly accepts a variety of present and future authentication schemes, and can use network processors to accelerate authentication. Experiments show that Sentinel greatly reduces the impact of...
Peter Djalaliev, Muhammad Jamshed, Nicholas Farnan
Added 30 May 2010
Updated 30 May 2010
Type Conference
Year 2008
Where ICCCN
Authors Peter Djalaliev, Muhammad Jamshed, Nicholas Farnan, José Carlos Brustoloni
Comments (0)