Automated alerting for black hole routing

Abstract

Distributed/Denial of Service (D/DoS) attacks are the most common and easy-tolaunch attacks against a computer or network. Once a D/DoS attack is recognized, there are several methods available to mitigate its impact. One of the methods is to drop the attacker's traffic at the edge of the network via Null Routing-also called Black Hole Routing (BHR). BHR is more efficient than the creation and processing of access control lists. Prior work has validated the effectiveness of BHR in mitigating D/DoS attacks in a setting where the defense is activated manually. This research built upon that work and developed a proof-of-concept automated BHR process integrated with Snort, an open source Intrusion Detection System (IDS), to facilitate a faster reaction to a D/DoS attack. A real test bed consisting of Cisco routers was created to evaluate the performance of the developed system. The results demonstrated that the automation of BHR is both possible and desirable in mitigating D/DoS attacks.