Real-time protection against DDoS attacks using active gateways

This paper presents solutions for protecting servers against distributed denial-of-service (DDoS) attacks that inundate the system with file download and script execution requests. Our solution uses a dynamic packet filtering on dual-ported active NIC based gateways to drop attacking packets based on locally measured request rates and information from the server (such as server loading, number of incomplete connections). A variety of techniques for performing such packet filtering in real-time are discussed. A prototype implementation using a test bed of several clients, attacking machines and servers indicates that considerable improvements in the response times to legitimate requests and overall improvements in the performance of the servers are realized by the proposed scheme. As a sustained high-volume attack is started, the intelligent gateway is successful in detecting and filtering out apparently malicious traffic in only a few 10s of seconds.