Keeping Denial-of-Service Attackers in the Dark.

Authors: Gal Badishi, Amir Herzberg, and Idit Keidar.

In the 19th International Symposium on Distributed Computing (DISC 2005), Lecture Notes in Computer Science Volume 3724, pages 18-32, September 2005.
Full version in IEEE Transactions on Dependable and Secure Computing (TDSC) 4:3, July-September 2007.


We consider the problem of overcoming (Distributed) Denial of Service (DoS) attacks by realistic adversaries that can eavesdrop on messages, or parts thereof, but with some delay. We show a protocol that mitigates DoS attacks by eavesdropping adversaries, using only available, efficient packet filtering mechanisms based mainly on (addresses and) port numbers. Our protocol avoids the use of fixed ports, and instead performs "pseudo-random port hopping". We model the underlying packet-filtering services and define measures for the capabilities of the adversary and for the success rate of the protocol. Using these, we analyze the proposed protocol, and show that it provides effective DoS prevention for realistic attack and deployment scenarios.

Download DISC paper: ps, ps.gz, pdf, pdf.gz.
TDSC paper: pdf.

Position paper: How to Build a Dam: Fighting Application-Level DoS Attacks.

In the International Conference on Dependable Systems and Networks (DSN), Fast Abstracts Supplement, Yokohama, Japan, June-July 2005.

Download DSN Fast Abstract (position paper): ps, ps.gz, pdf, pdf.gz.

