Download now Free registration required
This paper presents an empirical study of the resistance of several protocols to Denial of Service (DoS) attacks on client-server communication. They show that protocols that use authentication alone, e.g., IPSec, provide protection to some extent, but are still susceptible to DoS attacks, even when the network is not congested. In contrast, a protocol that uses a changing Filtering Identifier (FI) is usually immune to DoS attacks, as long as the network itself is not congested. This approach is called FI hopping. They build and experiment with two prototype implementations of FI hopping. One implementation is a modification of IPSec in a Linux kernel, and a second implementation comes as an NDIS hook driver on a Windows machine.
- Format: PDF
- Size: 206.9 KB