Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection
نویسندگان
چکیده
Packet floods targeting a victim’s incoming bandwidth are notoriously difficult to defend against. While a number of solutions have been proposed, such as network capabilities, thirdparty traffic scrubbing, and overlay-based protection, most suffer from drawbacks that limit their applicability in practice. We propose CAT, a new network-based flood protection scheme. In CAT, all flows must perform a three-way handshake with an in-network element to obtain permission to send data. The three-way handshake dissuades source spoofing and establishes a unique handle for the flow, which can then be used for revocation by the receiver. CAT offers the protection qualities of network capabilities, and yet does not require major archi-
منابع مشابه
2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (sruti '06) the Rising Tide: Ddos from Defective Designs and Defaults Efficient and Secure Source Authenti- Cation with Packet Passports Cookies along Trust-boundaries: Accurate and Deployable Flood Protection
Rob Thomas of Team Cymru began the workshop with a scintillating keynote address on the underground economy. Although much of the research community working on unwanted traffic issues has focused on technical aspects of various subproblems, Rob brought his direct experience with ongoing study of the underground economy dominated by the criminal elements trading in credit cards, passwords, and t...
متن کاملFlood Water Surface Profile in Tapi River- Surat
Surat is a highly developed, thickly populated cosmopolitan character city with full of various activities going on day and night. Any natural calamity which causes loss of lives to property and infrastructure along with effects on industrial processes going on has serious impact on economy of the state. Therefore, it becomes highly necessary that flood events are studied and analyzed properly ...
متن کاملImproving the functionality of syn cookies
Current Linux kernels include a facility called TCP SYN cookies, conceived to face SYN flooding attacks. However, the current implementation of SYN cookies does not support the negotiation of TCP options, although some of them are relevant for throughput performance, such as large windows or selective acknowledgment. In this paper we present an improvement of the SYN cookie protocol, using all ...
متن کاملEmotions, trust, and perceived risk: affective and cognitive routes to flood preparedness behavior.
Despite the prognoses of the effects of global warming (e.g., rising sea levels, increasing river discharges), few international studies have addressed how flood preparedness should be stimulated among private citizens. This article aims to predict Dutch citizens' flood preparedness intentions by testing a path model, including previous flood hazard experiences, trust in public flood protection...
متن کاملResisting SYN Flood DoS Attacks with a SYN Cache
Machines that provide TCP services are often susceptible to various types of Denial of Service attacks from external hosts on the network. One particular type of attack is known as a SYN flood, where external hosts attempt to overwhelm the server machine by sending a constant stream of TCP connection requests, forcing the server to allocate resources for each new connection until all resources ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2006