Title :
High-speed router filter for blocking TCP flooding under DDoS attack
Author :
Kim, Yoohwan ; Jo, Ju-Yeon ; Chao, H. Jonathan ; Merat, Frank
Author_Institution :
Electr. Eng. & Comput. Sci. Dept, Case Western Reserve Univ., Cleveland, OH, USA
Abstract :
We present a hardware solution that can reliably block most of the malicious TCP traffic at the edge routers while passing the legitimate TCP traffic during a distributed denial-of-service (DDoS) attack on the Internet. By allocating bandwidths separately for TCP, the TCP portion of the bandwidth can be protected. In a simulation study, the filter successfully blocked 99.9% of the attack traffic while legitimate traffic showed performance nearly identical to that in the non-attacked condition. This filtering is transparent to the hosts or routers and a filtering device can be easily attached to router ports.
Keywords :
Internet; bandwidth allocation; computer crime; filters; telecommunication security; telecommunication traffic; transport protocols; DDoS attack; Internet; TCP flooding blocking; bandwidth allocation; distributed denial-of-service attack; router filter; Band pass filters; Bandwidth; Computer crime; Floods; Hardware; Information filtering; Information filters; Internet; Protection; Traffic control;
Conference_Title :
Performance, Computing, and Communications Conference, 2003. Conference Proceedings of the 2003 IEEE International
Print_ISBN :
0-7803-7893-8
DOI :
10.1109/PCCC.2003.1203698