Scalable Network-Layer Defense Against Internet Bandwidth-Flooding Attacks

Free registration required

Executive Summary

In a bandwidth-flooding attack, compromised sources send high-volume traffic to the target with the purpose of causing congestion in its tail circuit and disrupting its legitimate communications. In this paper, authors present Active Internet Traffic Filtering (AITF), a network-layer defense mechanism against such attacks. AITF enables a receiver to contact misbehaving sources and ask them to stop sending it traffic; each source that has been asked to stop is policed by its own Internet Service Provider (ISP), which ensures its compliance. An ISP that hosts misbehaving sources either supports AITF (or accepts to police its misbehaving clients), or risks losing all access to the complaining receiver - this is a strong incentive to cooperate, especially when the receiver is a popular public-access site.

  • Format: PDF
  • Size: 489.2 KB