Defeating Reflector Based Denial-of-Service Attacks Using Single Packet Filters
"Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are becoming increasingly sophisticated with few practical solutions available. In this paper, the authors consider the issue of filtering reflector based DoS attacks and of identifying attackers. For reflector based attacks, a Signature Conflict Triggered Filtering (SCTF) scheme based on Deterministic Edge Router Marking (DERM) was proposed. They suggest an enhancement to make the 3-way handshake in SCTF stateless and call it Fast-SCTF. They then propose a framework using BGP for a single-packet handshake. They demonstrate that their proposed scheme is space efficient, more secure, and robust and it requires very little cooperation among autonomous systems."