This paper presents a system for defending against Distributed Denial of Service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, where the main issue is identifying the subset of trafffic, which we call an aggregate, responsible for the congestion. Functionality is added to routers that helps relieve congestion caused by aggregates that do not obey TCP-like congestion control. Such aggregates are identified, usually at an access router or stub network, and preferentially dropped. Also, requests to preferentially drop the identified aggregates are back-propagated toward the sources of the traffic, in order to enhance service to well-behaved flows that may be sharing links with the bad traffic. We have implemented this approach under FreeBSD, and we have shown promising results for how such a system could be incorporated in core routers.
Did you find this white paper useful?
23 out of 50 users found this white paper useful
Related white papers
Large West Coast Law Firm Uses Biscom Delivery Server to Ensure Client Privacy and Save on Courier Costs
One of the largest law firms in the United States with more than 500 attorneys and nearly 50 offices in major metropolitan areas was primarily focused on ensuring privacy protection...
Stewart Title Guaranty Company Reduces Courier and FTP Costs Using Biscom Delivery Server for Timely, Accurate, and Trackable Distribution of Software to Their Customers
Stewart delivers state-of-the-art real estate information services, software, and solutions to its clients. Since federal and state laws are in constant flux, Stewart's customers require regular software updates to stay...
By Using Biscom Delivery Server to Send Large Files Both Internally and to Their Clients, John Wieland Homes and Neighborhoods Reduces Help Desk Calls, Eliminates Dependency on Email Attachments, and Secures Company Data
Since John Wieland (JW) Homes develops property, they have three groups that constantly need to access, share and edit large files. Since the company has a strict 10MB email attachment...
Integrated Trade Systems, Inc. Is Able to Track and Ensure Timely Purchase Order Delivery by Using Biscom Delivery Server to Send Files Securely
Integrated Trade Systems (ITS) provides procurement services for Mexican-owned PEtroleos MEXicanos (PEMEX), the sixth largest oil company in the world. ITS needed a fast, efficient way for PEMEX's buyers to...
The Wake County Public School System Uses Biscom Delivery Server (BDS) To: Ensure Privacy of Student and Employee Files, Comply With the Family Educational Rights and Privacy Act and Eliminate Transmission of Unsecured Email Transmissions
The Wake County Public School System (WCPSS) is one of the twenty largest school districts in the nation. WCPSS's challenge primarily focused on ensuring privacy protection of confidential information. Despite...
Secure File Transfer
Biscom Delivery Server (BDS) was built from the ground up to be a superior enterprise-class file delivery solution, one explicitly designed for today's more demanding file delivery needs. Available as...
Top 10 Questions to Ask When Choosing a File Transfer Solution
Transferring, securing, and collaborating on large files and documents in today's enterprise business environment has led users to demand better, more manageable file transfer methods than the traditional FTP, email,...
