Location of Repository

Controlling High Bandwidth Aggregates in the Network

By Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson and Scott Shenker

Abstract

The current Internet infrastructure has very few built-in protection mechanisms, and is therefore vulnerable to attacks and failures. In particular, recent events have illustrated the Internet's vulnerability to both denial of service (DoS) attacks and ash crowds in which one or more links in the network (or servers at the edge of the network) become severely congested. In both DoS attacks and ash crowds the congestion is due neither to a single ow, nor to a general increase in trac, but to a well-de ned subset of the trac { an aggregate. This paper proposes mechanisms for detecting and controlling such high bandwidth aggregates. Our design involves both a local mechanism for detecting and controlling an aggregate at a single router, and a cooperative pushback mechanism in which a router can ask upstream routers to control an aggregate. While certainly not a panacea, these mechanisms could provide some needed relief from ash crowds and ooding-style DoS attacks. The presentation in this paper is a rst step towards a more rigorous evaluation of these mechanisms

Year: 2001
OAI identifier: oai:CiteSeerX.psu:10.1.1.19.8035
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://www.icir.org/floyd/../p... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.