In two papers presented at the IEEE Symposium on Security and Privacy here, the graduate students suggested simple modifications to network software that could defeat denial-of-service attacks and that could be implemented in the current protocol used by the Internet. In two papers presented at the IEEE Symposium on Security and Privacy here, the graduate students suggested simple modifications to network software that could defeat denial-of-service attacks and that could be implemented in the current protocol used by the Internet.
[...]
1-The proposal takes advantage of largely unused bits in the headers of network traffic--the digitized address information attached to each electronic message--to fingerprint data based on the route the information took through a network. A victim suffering from an onslaught of data could use the fingerprint, or path-identifier number, to decide whether the traffic from certain regions of the Internet should be blocked by its Internet service provider.
"Even when the total attack traffic is 170 times the legitimate traffic, 60 percent of a server's capacity is still allocated to legitimate users," Yaar said after his presentation.
[...]
2-The second presentation, also by a graduate student at Carnegie Mellon, proposes that servers use "puzzles"--problems that take a certain amount of processing time to solve--as a means of taxing any computer that tries to communicate with the server. Such a technique, which has also been suggested as a way to defeat spammers who send unsolicited mass e-mail, would help defend against denial-of-service attacks that attempt to tie up a victim server's memory with hundreds or thousands of connections.
[...]
"Our mechanism enables each client to 'bid' for resources by tuning the difficulty of the puzzles it solves and to adapt its bidding strategy in response to apparent attacks," Wang stated in the paper that outlined his findings.
2 methods figth back (D)DoS
Reply With Quote