83,911 research outputs found
DoS protection for a Pragmatic Multiservice Network Based on Programmable Networks
Proceedings of First International IFIP TC6 Conference, AN 2006, Paris, France, September 27-29, 2006. We propose a scenario of a multiservice network, based on pragmatic
ideas of programmable networks. Active routers are capable of processing both
active and legacy packets. This scenario is vulnerable to a Denial of Service attack,
which consists in inserting false legacy packets into active routers. We
propose a mechanism for detecting the injection of fake legacy packets into active
routers. This mechanism consists in exchanging accounting information on
the traffic between neighboring active routers. The exchange of accounting information
must be carried out in a secure way using secure active packets. The
proposed mechanism is sensitive to the loss of packets. To deal with this problem
some improvements in the mechanism have been proposed. An important issue
is the procedure for discharging packets when an attack has been detected.
We propose an easy and efficient mechanism that would be improved in future
work.
Robust Adaptive Congestion Control for Next Generation Networks
This paper deals with the problem of congestion control in a next-generation heterogeneous network scenario. The algorithm runs in the 'edge' routers (the routers collecting the traffic between two different networks) with the aim of avoiding congestion in both the network and the edge routers. The proposed algorithm extends congestion control algorithms based on the Smith's principle: i) the controller, by exploiting on-line estimates via probe packets, adapts to the delay and rate variations; ii) the controller assures robust stability in the presence of time-varying delays
WiFi Epidemiology: Can Your Neighbors' Router Make Yours Sick?
In densely populated urban areas WiFi routers form a tightly interconnected
proximity network that can be exploited as a substrate for the spreading of
malware able to launch massive fraudulent attacks and affect entire urban areas
WiFi networks. In this paper we consider several scenarios for the deployment
of malware that spreads solely over the wireless channel of major urban areas
in the US. We develop an epidemiological model that takes into consideration
prevalent security flaws on these routers. The spread of such a contagion is
simulated on real-world data for geo-referenced wireless routers. We uncover a
major weakness of WiFi networks in that most of the simulated scenarios show
tens of thousands of routers infected in as little time as two weeks, with the
majority of the infections occurring in the first 24 to 48 hours. We indicate
possible containment and prevention measures to limit the eventual harm of such
an attack. Comment: 22 pages, 1 table, 4 figures
Maximum Production Of Transmission Messages Rate For Service Discovery Protocols
Minimizing the number of dropped User Datagram Protocol (UDP) messages in a network is regarded as a challenge by researchers. This issue represents serious problems for many protocols, particularly those that depend on sending messages as part of their strategy, such as service discovery protocols. This paper proposes and evaluates an algorithm to predict the minimum period of time required between two or more consecutive messages and suggests the minimum queue sizes for the routers, to manage the traffic and minimise the number of dropped messages that have been caused by either congestion or queue overflow or both together. The algorithm has been applied to the Universal Plug and Play (UPnP) protocol using the ns2 simulator. It was tested when the routers were connected in two configurations: centralized and decentralized. The message length and bandwidth of the links among the routers were taken into consideration. The result shows better improvement in the number of dropped messages among the routers
Resource virtualisation of network routers
There is now considerable interest in applications that transport time-sensitive data across the best-effort Internet. We present a novel network router architecture, which has the potential to improve the Quality of Service guarantees provided to such flows. This router architecture makes use of virtual machine techniques, to assign an individual virtual routelet to each network flow requiring QoS guarantees. We describe a prototype of this virtual routelet architecture, and evaluate its effectiveness. Experimental results of the performance and flow partitioning of this prototype, compared with a standard software router, suggest promise in the virtual routelet architecture
Active router approach to defeating denial-of-service attacks in networks
Denial-of-service attacks represent a major threat to modern organisations who are increasingly dependent on the integrity of their computer networks. A new approach to combating such threats introduces active routers into the network architecture. These active routers offer the combined benefits of intrusion detection, firewall functionality and data encryption and work collaboratively to provide a distributed defence mechanism. The paper provides a detailed description of the design and operation of the algorithms used by the active routers and demonstrates how this approach is able to defeat a SYN and SMURF attack. Other approaches to network design, such as the introduction of a firewall and intrusion detection systems, can be used to protect networks, however, weaknesses remain. It is proposed that the adoption of an active router approach to protecting networks overcomes many of these weaknesses and therefore offers enhanced protection
The Competition for Shortest Paths on Sparse Graphs
Optimal paths connecting randomly selected network nodes and fixed routers
are studied analytically in the presence of non-linear overlap cost that
penalizes congestion. Routing becomes increasingly more difficult as the number
of selected nodes increases and exhibits ergodicity breaking in the case of
multiple routers. A distributed linearly-scalable routing algorithm is devised.
The ground state of such systems reveals non-monotonic complex behaviors in
both average path-length and algorithmic convergence, depending on the network
topology, and densities of communicating nodes and routers. Comment: 4 pages, 4 figures
