Publication:
A Feedback Mechanism for Mitigating Denial of Service Attacks against Differentiated Services Clients

Authors
Braun, M.
Xie, Geoffrey
Date of Issue
2002-10
Date
October 2002
Abstract
Differentiated Service (DiffServ) networks provide Quality of Service (QoS) guarantees by policing traffic into a fixed number of pre-existing classes. DoS attacks against DiffServ clients will be more targeted and require less attack bandwidth than current attacks due to the per-client and per-class bandwidth limitations which must be imposed to ensure QoS guarantees. In this paper, we present a technique for defeating a DoS attack on a DiffServ client through dynamic modification of packet headers. This technique allows the DiffServ network to distinguish valid traffic from malicious traffic, but does not require cryptographic processing on a per-packet basis and does not increase packet size. We also examine the sensitivity of our system to the traffic policer's token bucket size.
Description
Proc. Tenth Int. Conf. on Telecommunication Systems: Modeling and Analysis, pp. 204-213, Monterey, CA, October 2002.
Department
Computer Science (CS)
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.