DDoS defense by offense

Computer Communication Review

Volumn 36, Issue 4, 2006, Pages 303-314

  Walfish, Michael ^a   Vutukuru, Mythili ^a   Balakrishnan, Hari ^a   Karger, David ^a   Shenker, Scott ^b  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Bandwidth; Currency; DoS attack

Indexed keywords

COMPUTATIONAL RESOURCES; CURRENCY; DISTRIBUTED DENIAL OF SERVICE (DDOS); DOS ATTACK;

BANDWIDTH; COMPUTER AIDED DESIGN; COMPUTER CRIME; DISTRIBUTED COMPUTER SYSTEMS; SERVERS; TELECOMMUNICATION TRAFFIC;

SECURITY OF DATA;

EID: 33750366503     PISSN: 01464833     EISSN: 01464833     Source Type: Conference Proceeding    
DOI: 10.1145/1151659.1159948     Document Type: Conference Paper

References (51)

1. M. Abadi, M. Burrows, M. Manasse, and T. Wobber. Moderately hard, memory-bound functions. In NDSS, 2003.
2. S. Agarwal, T. Dawson, and C. Tryfonas. DDoS mitigation via regional cleaning centers. Sprint ATL Research Report RR04-ATL-013177, Aug. 2003.
3. D. G. Andersen et al. System support for bandwidth management and content adaptation in Internet applications. In OSDI, Sept. 2000.
4. T. Anderson, T. Roscoe, and D. Wetherall. Preventing Internet denial-of-service with capabilities. In HotNets, Nov. 2003.
5. Arbor Networks, Inc. http://www.arbornetworks.com.
6. T. Aura, P. Nikander, and J. Leiwo. DoS-resistant authentication with client puzzles. In Intl. Wkshp. on Security Prots., 2000.
7. A. Back. Hashcash. http://www.cypherspace.org/adam/hashcash/.
8. G. Banga, P. Druschel, and J. C. Mogul. Resource containers: A new facility for resource management in server systems. In OSDI, Feb. 1999.
9. Cisco Guard, Cisco Systems, Inc. http://www.cisco.com.
10. Criminal Complaint USA v. Ashley, Hall, Schictel, Roby, and Walker, Aug. 2004. http://www.reverse.net/operationcyberslam.pdf.
11. C. Dwork, A. Goldberg, and M. Naor. On memory-bound functions for fighting spam. In CRYPTO, 2003.
12. C. Dwork and M. Naor. Pricing via processing or combatting junk mail. In CRYPTO, 1992.
13. Emulab. http://www.emulab.net.
14. N. Feamster, J. Jung, and H. Balakrishnan. An empirical study of "bogon" route advertisements. CCR, 35(1), Jan. 2005.
15. C. Fraleigh, S. Moon, B. Lyles, C. Cotton, M. Khan, D. Moll, R. Rockell, T. Seely, and C. Diot. Packet-level traffic measurements from the Sprint IP backbone. IEEE Network, 17(6), 2003.
16. V. D. Gligor. Guaranteeing access in spite of distributed service-flooding attacks. In Intl. Wkshp. on Security Prots., 2003.
17. C. A. Gunter, S. Khanna, K. Tan, and S. Venkatesth. DoS protection for reliably authenticated broadcast. In NDSS, 2004.
18. M. Handley. Internet architecture WG: DoS-resislant Internet subgroup report, 2005. http://www.communicationsresearch.net/dos-resistant/meeting-1/cii- dos-summary.pdf.
19. Honeynet Project and Research Alliance. Know your enemy: Tracking botnets. Mar. 2005. http://www.honeynet.org/papers/bots/.
20. A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In NDSS, 1999.
21. S. Kandula, D. Katabi, M. Jacob, and A. Berger. Botz-4-sale: Surviving organized DDoS attacks that mimic flash crowds. In USENIX NSDI, May 2005.
22. E. Kohler, M. Handley, and S. Floyd. Designing DCCP: Congestion control without reliability. In SIGCOMM, Sept. 2006.
23. M. Krohn. Building secure high-performance Web services with OKWS. In USENIX Technical Conference, June 2004.
24. B. Laurie and R. Clayton. "Proof-of-Work" proves not to work; version 0.2, Sept. 2004. http://www.cl.cam.ac.uk/users/rncl/proofwork2.pdf.
25. D. Mankins, R. Krishnan, C. Boyd, J. Zao, and M. Frentz. Mitigating distributed denial of service attacks with dynamic resource pricing. In Proc. IEEE ACSAC, Dec. 2001.
26. D. Mazières. A toolkit for user-level file systems. In USENIX Technical Conference, June 2001.
27. Mazu Networks, Inc. http://mazunetworks.com.
28. J. Mirkovic and P. Reiher. A taxonomy of DDoS attacks and DDoS defense mechanisms. CCR, 34(2), Apr. 2004.
29. W. Morein, A. Stavrou, D. Cook, A. Keromytis, V. Mishra, and D. Rubenstein. Using graphic turing tests to counter automated DDoS attacks against Web servers. In ACM CCS, Oct. 2003.
30. Network World. Extortion via DDoS on the rise. May 2005. http://www.networkworld.com/news/2005/051605-ddos-extortion.html.
31. K. Park, V. S. Pai, K.-W. Lee, and S. Calo. Securing Web service by automatic robot detection. In USENIX Technical Conference, June 2006.
32. Pittsburgh Post-Gazette. CMU student taps brain's game skills. Oct. 5, 2003. http://www.post-gazette.com/pg/03278/228349.stm.
33. Prolexic Technologies, Inc. http://www.prolexic.com.
34. A. Ramachandran and N. Feamster. Understanding the network-level behavior of spammers. In SIGCOMM, Sept. 2006.
35. V. Ramasubramanian and E. G. Sirer. The design and implementation of a next generation name service for the Internet. In SIGCOMM, Aug. 2004.
36. E. Ratliff. The zombie hunters. The New Yorker, Oct. 10, 2005.
37. SecurityFocus. FBI busts alleged DDoS mafia. Aug. 2004. http://www.securityfocus.com/news/9411.
38. V. Sekar, N. Duffield, O. Spatscheck, J. van der Merwe, and H. Zhang. LADS: Large-scale automated DDoS detection system. In USENIX Technical Conference, June 2006.
39. M. Sherr, M. Greenwald, C. A. Gunter, S. Khanna, and S. S. Venkatesh. Mitigating DoS attack through selective bin verification. In 1st Wkshp. on Secure Netwk. Protcls., Nov. 2005.
40. K. K. Singh. Botnets - An introduction, 2006. http://www-static.cc. gatech.edu/classes/AY2006/cs6262_spring/botnets.ppt.
41. Spammer-X. Inside the SPAM Cartel. Syngress, 2004. Page 40.
42. Stupid Google virus/spyware CAPTCHA page. http://www.spy.org.uk/spyblog/ 2005/06/stupid_google_virusspyware_cap.html.
43. TechWeb News. Dutch botnet bigger than expected. Oct. 2005. http://informationweek.com/story/showArticle.jhtm?articleID=172303265.
44. The Register. East European gangs in online protection racket. Nov. 2003.
45. D. Thomas. Deterrence must be the key to avoiding DDoS attacks, 2005. http://www.vnunet.com/computing/analysis/2137395/deterrence-key-avoiding-ddos- attacks.
46. R. Vasudevan, Z. M. Mao, O. Spatscheck, and J. van der Merwe. Reval: A tool for real-time evaluation of DDoS mitigation strategies. In USENIX Technical Conference, June 2006.
47. L. von Ahn, M. Blum, and J. Langford. Telling humans and computers apart automatically. CACM, 47(2), Feb. 2004.
48. M. Walfish, H. Balakrishnan, D. Karger, and S. Shenker. DoS: Fighting fire with fire. In HotNets, Nov. 2005.
49. X. Wang and M. Reiter. Defending against denial-of-service attacks with puzzle auctions. In IEEE Symp. on Security and Privacy, May 2003.
50. A. Yaar, A. Perrig, and D. Song. SIFF: A stateless Internet flow filter to mitigate DDoS flooding attacks. In IEEE Symp. on Security and Privacy, May 2004.
51. X. Yang, D. Wetherall, and T. Anderson. A DoS-limiting network architecture. In SIGCOMM, Aug. 2005.