Distributed DoS Attack Prevention using Route-Based Distributed Packet Filtering


Heejo Lee

Jan 17, 2001


Abstract

Effective mitigation of denial-of-service (DoS) attacks is a pressing problem on the Internet. Most DoS attacks employ IP spoofing to hide the attacker's location. In many instances, DoS attacks can be prevented if the spoofed source IP address can be traced back to its origin. Recently, IP traceback mechanisms have been proposed for achieving efficient traceback of DoS attacks. These traceback mechanisms, however, are susceptible to distributed DoS (DDoS) attacks. Moreover, they allow spoofed packets to exert their debilitating effect on server resources before corrective actions are reactively instituted.

In this talk, we describe route-based distributed packet filtering (DPF), a novel approach to DDoS prevention that addresses the weaknesses of previous IP traceback mechanisms, including probabilistic packet marking and ICMP message-based traceback. We show that by exploiting the routing information associated with BGP, distributed packet filtering achieves a synergistic filtering effect which proactively prevents significant---but not all---spoofed IP flows from reaching their target destinations in the first place. Those spoofed IP flows that cannot be prevented from penetrating are so few in number that their origin can be localized to within 5 sites, facilitating effective IP traceback. Collectively, DPF renders 88% of possible attack sites impotent, i.e., no spoofed IP flow emanating from these sites can reach other target sites, which promotes scalable DDoS attack prevention. This filtering effect can be achieved by performing the filtering function at less than 20% of all autonomous systems (AS) in the Internet, which makes incremental deployment feasible. Lastly, we show that the distributed filtering effect depends intimately on the power-law connectivity structure of the Internet topology.
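To make the filtering, localization and "impotent site" notions above concrete, here is an added toy simulation of route-based DPF; it is not code from the talk or its authors. It assumes a constructed, tree-shaped AS graph with one high-degree hub, and uses shortest paths as a stand-in for the BGP routes the real scheme derives its filters from.

```python
from collections import deque
# Constructed AS graph: hub AS 0, provider ASes 1-4, stub ASes 5-9.
# Shortest paths below stand in for BGP routes (an assumption of this toy).
TOPOLOGY = {0: [1, 2, 3, 4], 1: [0, 5, 6], 2: [0, 7], 3: [0, 8], 4: [0, 9],
            5: [1], 6: [1], 7: [2], 8: [3], 9: [4]}

def route(graph, src, dst):
    """Shortest AS path src -> dst by BFS (stand-in for the BGP route)."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in prev:
                prev[v] = u
                queue.append(v)
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]

def build_filters(graph, filtering_ases):
    """valid[f][n]: sources whose route to some destination enters AS f from neighbour n."""
    valid = {f: {n: set() for n in graph[f]} for f in filtering_ases}
    for s in graph:
        for d in graph:
            if s != d:
                path = route(graph, s, d)
                for prev_hop, hop in zip(path, path[1:]):
                    if hop in valid:
                        valid[hop][prev_hop].add(s)
    return valid

def is_filtered(graph, valid, attacker, spoofed_src, victim):
    """True if a packet from `attacker` claiming `spoofed_src` is dropped before `victim`."""
    path = route(graph, attacker, victim)
    return any(hop in valid and spoofed_src not in valid[hop][prev_hop]
               for prev_hop, hop in zip(path, path[1:]))

def possible_origins(graph, valid, spoofed_src, victim):
    """ASes that could deliver a packet carrying `spoofed_src` to `victim`: the traceback candidate set."""
    return sorted(a for a in graph if a != victim
                  and not is_filtered(graph, valid, a, spoofed_src, victim))

def impotent_fraction(graph, filtering_ases):
    """Share of ASes from which no spoofed packet reaches any other AS."""
    valid = build_filters(graph, filtering_ases)
    stuck = sum(all(is_filtered(graph, valid, a, s, t)
                    for s in graph for t in graph if len({a, s, t}) == 3)
                for a in graph)
    return stuck / len(graph)
```

Filtering only at the hub already shrinks the traceback candidate set for a spoofed source, and adding the four provider ASes leaves every stub AS unable to deliver any spoofed packet.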

About the Speaker

Heejo Lee is a Post Doctoral Research Associate at the Network Systems Lab and CERIAS. He received his BS, MS and PhD in Computer Science and Engineering from Pohang University of Science and Technology (POSTECH), Korea in 1993, 1995 and 2000, respectively. His research interests include network security, parallel scientific computing, and fault-tolerant computing.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.
