The case for TCP/IP puzzles

Proceedings of the ACM SIGCOMM Workshop on Future Directions in Network Architecture, FDNA '03

Volumn , Issue , 2003, Pages 322-327

  Feng, Wu Chang ^a  

^a OREGON HEALTH AND SCIENCE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CLIENT PUZZLES; DDOS ATTACK; DENIAL OF SERVICE ATTACKS; DISTRIBUTED DENIAL OF SERVICE ATTACK; MORRIS WORM; PORT SCANS; RESEARCH ISSUES; TCP/IP PROTOCOL;

COMPUTER VIRUSES; INTERNET; NETWORK ARCHITECTURE; SECURITY OF DATA; VIRUSES;

INTERNET PROTOCOLS;

EID: 77953175954     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/944759.944771     Document Type: Conference Paper

References (48)

1. D. Clark, "NSF ANIR PI Meeting Keynote Address," Reston, VA, 2003.
2. D. Moore, C. Shannon, and J. Brown, "Code-Red: A Case Study on the Spread and Victims of an Internet Worm," in Internet Measurement Workshop, November 2002.
3. L. Wang, X. Zhao, D. Pei, R. Bush, D. Massey, A. Mankin, S. Wu, and L. Zhang, "Observation and Analysis of BGP Behavior Under Stress," in Internet Measurement Workshop, November 2002.
4. J. Jung, B. Krishnamurthy, and M. Rabinovich, "Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites," in International World Wide Web Conference, May 2002, pp. 252-262.
5. F. Kargl, J. Maier, and M. Weber, "Protecting Web Servers from Distributed Denial of Service Attacks," in World Wide Web, 2001, pp. 514-524.
6. S. Staniford, V. Paxson, and N. Weaver, "How to 0wn the Internet in Your Spare Time," in 11th USENIX Security Symposium (Security '02), 2002.
7. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, "The Spread of the Sapphire/Slammer Worm," http://www.caida.org/ outreach/papers/2003/sapphire/, 2003.
8. A. Juels and J. Brainard, "Client Puzzles: A Cryptographic Defense Against Connection Depletion," in NDSS, 1999, pp. 151-165.
9. D. Dean and A. Stubblefield, "Using Client Puzzles to Protect TLS," in 10th Annual USENIX Security Symposium, 2001.
10. T. Aura, P. Nikander, and J. Leiwo, "DOS-Resistant Authentication with Client Puzzles," Lecture Notes in Computer Science, vol. 2133, 2001.
11. J. Leiwo, T. Aura, and P. Nikander, "Towards Network Denial of Service Resistant Protocols," in SEC, 2000, pp. 301-310.
12. M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. Wallach, "Security for Peer-to-Peer Routing Overlays," in Proceedings of OSDI, December 2002.
13. M. Abadi, M. Burrows, M. Manasse, and T. Wobber, "Moderately Hard, Memory-bound Functions," 2003.
14. I. Clarke, O. Sandberg, B. Wiley, and T. Hong, "Freenet: A Distributed Anonymous Information Storage and Retrieval System," Lecture Notes in Computer Science, vol. 2009, pp. 46+, 2001.
15. B. Braden, N. Chiappa, D. Clark, T. Faber, A. Falk, M. Handley, S. Shenker, K. Sollins, and J. Wroclawski, "NewArch Project: Future-Generation Internet Architecture," http://www.isi.edu/newarch/, 2003.
16. J. Postel, D. Johnson, T. Markson, B. Simpson, and Z. Su, "ICMP Type Numbers," http://www.iana.org/assignments/icmp-parameters, 2001.
17. B. Carpenter, D. Estrin, D. Farinacci, G. Finn, C. Graff, D. Katz, J. Postel, A. Malis, and R. Ullman, "IP Option Numbers," http://www.iana.org/assignments/ip-parameters, 2001.
18. S. Bellovin, B. Braden, M. Bridges, S. Knowles, J. Kay, K. Scott, S. Subramaniam, and V. Sukonnik, "TCP Option Numbers," http://www.iana.org/assignments/tcp-parameters, 2001.
19. Fyodor, "Remote OS detection via TCP/IP Stack FingerPrinting," http://www.insecure.org/nmap/, 1998.
20. R. Deraison, "Nessus," http://www.nessus.org/, 2003.
21. D. Kaminsky, "Doxpara: Paketto Keiretsu (scanrand)," http://www.doxpara.com/read.php/code/paketto.html, 2002.
22. E. Spafford, "The Internet Worm: Crisis and Aftermath," Communications of the ACM, vol. 32, no. 6, pp. 678-698, June 1989.
23. W. Cheswick and S. Bellovin, "Firewalls and Internet Security,".
24. R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling High Bandwidth Aggregates in the Network," Computer Communication Review, vol. 32, no. 3, July 2002.
25. D. Kaminsky, "Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release," http://slashdot.org/article.pl?sid=02/11/18/2032225&mode= thread, 2003.
26. U.S. Department of Justice: Federal Bureau of Investigation, "Mafiaboy," http://www.fbi.gov/pressrel/pressrel00/mafia080700.htm, 2000.
27. V. Paxson, "An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks," Computer Communication Review, vol. 31, no. 3, July 2001.
28. Network Dweebs Corporation, "Apache DoS Evasive Maneuvers Module," http://www.networkdweebs.com/stuff/security.html, 2003.
29. D. Bernstein, "SYN Cookies," http://cr.yp.to/syncookies.html, 2003.
30. C. Estan and G. Varghese, "New Directions in Traffic Measurement and Accounting," in Internet Measurement Workshop, November 2001, pp. 75-80.
31. W. Feng, D. Kandlur, D. Saha, and K. Shin, "Stochastic Fair Blue: A Queue Management Algorithm for Enforcing Fairness," in Proc. of INFOCOM, April 2001.
32. C. Huegen, "Network-based Denial of Service Attacks," http://www.nanog.org/mtg-9806, June 1998.
33. H. Balakrishnan and S. Seshan, "The Congestion Manager," RFC 3124, June 2001.
34. T. Mitchell, Machine Learning, McGraw Hill, 1997.
35. K. Ramakrishnan and S. Floyd, "A Proposal to Add Explicit Congestion Notification (ECN) to IP," RFC 2481, January 1999.
36. L. Brakmo, S. O'Malley, and L. Peterson, "TCP Vegas: New Techniques for Congestion Detection and Avoidance," in Proceedings of ACM SIGCOMM, October 1994, pp. 24-35.
37. V. Jacobson, "Modified TCP Congestion Avoidance Algorithm," end2end-interest mailing list (ftp://ftp.ee.lbl.gov/email/vanj.90apr30.txt), April 1990.
38. W. Stevens, "TCP Slow Start, Congestion Avoidance, Fast Retransmit, and Fast Recovery Algorithms," RFC 2001, January 1997.
39. J. Padhye, V. Firoiu, D. Towsley, and J. Kurose, "Modeling TCP Throughput: A Simple Model and its Empirical Validation," in Proceedings of ACM SIGCOMM, September 1998.
40. S. Floyd and V. Jacobson, "Random Early Detection Gateways for Congestion Avoidance," ACM/IEEE Transactions on Networking, vol. 1, no. 4, pp. 397-413, August 1993.
41. C. Hollot, V. Misra, D. Towsley, and W. Gong, "On Designing Improved Controllers for AQM Routers Supporting TCP Flows," in INFOCOM, 2001, pp. 1726-1734.
42. T. Ott, T. Lakshman, and L. Gong, "SRED: Stabilized RED," in Proceedings of IEEE INFOCOM, March 1999.
43. S. Athuraliya, S. Low, V. Li, and Q. Yin, "REM: Active Queue Management," IEEE Network Magazine, vol. 15, no. 3, May 2001.
44. W. Feng, D. Kandlur, D. Saha, and K. Shin, "The Blue Queue Management Algorithms," IEEE/ACM Transactions on Networking, vol. 10, no. 4, August 2002.
45. D. Mankins, R. Krishnan, C. Boyd, J. Zaho, and M. Frentz, "Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing," in Proceedings of Annual Computer Security Applications Conference (ACSAC 2001), 2001.
46. ACM SIGCOMM, "http://www.acm.org/sigcomm/sigcomm2003/workshop/ ripqos/," Workshop on Revisiting IP QoS: Why Do We Care, What Have We Learned? (RIPQOS), 2003.
47. R. Lemos, "Counting the Cost of Slammer," http://news.com.com/ 2100-1001-982955.html, January 2003.
48. W. Feng, "PuzzleNet Project," http://www.cse.ogi.edu/sysl/ projects/puzzles