Title :
Shield: DoS filtering using traffic deflecting
Author :
Kline, Erik ; Afanasyev, Alexander ; Reiher, Peter
Author_Institution :
Comput. Sci. Dept., UCLA, Los Angeles, CA, USA
Abstract :
Denial-of-service (DoS) attacks continue to be a major problem on the Internet. While many defense mechanisms have been created, they all have significant deployment issues. This paper introduces a novel method that overcomes these issues, allowing a small number of deployed DoS defenses to act as secure on-demand shields for any node on the Internet. The proposed method is based on rerouting any packet addressed to a protected autonomous system (AS) through an intermediate filtering node, a shield. In this way, all potentially harmful traffic could be discarded before reaching the destination. The mechanisms for packet rerouting use existing routing techniques and do not require any kind of modification to the deployed protocols or routers. To make the proposed system feasible, from both deployment and usage points of view, traffic rerouting and outsourced filtering could be provided as an insurance-style on-demand service.
Keywords :
Internet; security of data; telecommunication network routing; telecommunication traffic; DoS filtering; Internet; autonomous system protection; defense mechanism; denial-of-service attacks; deployment issue; insurance-style on-demand service; intermediate filtering node; on-demand shields; packet rerouting; router; traffic deflecting; Charge carrier processes; Computer crime; IP networks; Insurance; Internet; Protocols; Routing; BGP; DDoS; Filtering; IP Anycast; Traffic deflection;
Conference_Title :
Network Protocols (ICNP), 2011 19th IEEE International Conference on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4577-1392-7
DOI :
10.1109/ICNP.2011.6089077