Computer Science – Networking and Internet Architecture
Scientific paper
2010-08-31
The original paper is published in SIGCOMM 2010
Denial of Service (DoS) attacks frequently happen on the Internet, paralyzing Internet services and causing millions of dollars of financial loss. This work presents NetFence, a scalable DoS-resistant network architecture. NetFence uses a novel mechanism, secure congestion policing feedback, to enable robust congestion policing inside the network. Bottleneck routers update the feedback in packet headers to signal congestion, and access routers use it to police senders' traffic. Targeted DoS victims can use the secure congestion policing feedback as capability tokens to suppress unwanted traffic. When compromised senders and receivers organize into pairs to congest a network link, NetFence provably guarantees a legitimate sender its fair share of network resources without keeping per-host state at the congested link. We use a Linux implementation, ns-2 simulations, and theoretical analysis to show that NetFence is an effective and scalable DoS solution: it reduces the amount of state maintained by a congested router from per-host to at most per-(Autonomous System).
Liu Xin
Xia Yong
Yang Xiaowei
NetFence: Preventing Internet Denial of Service from Inside Out does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.