DoS-Resistant Internet WG: Architectural Solutions
The following is a list of the architectural ideas we are exploring as part of the CRN DoS-Resistant Internet WG.
- Steps Towards a DoS-Resistant Internet Architecture
- Mark Handley and Adam Greenhalgh.
- ACM SIGCOMM Workshop on Future Directions in Network Architecture (FDNA 2004).
- This paper discusses changing the addressing architecture of the
Internet, in such a way that source-address spoofing becomes
impossible, and worms become more difficult to spread.
- Also Mac PPT slides.
- Using Routing and Tunneling to Combat DoS Attacks
- Adam Greenhalgh, Mark Handley, Felipe Huici
- Proc. Usenix workshop on Steps to Reducing Unwanted Traffic on the Internet, Cambridge, MA, July 2005.
- This paper was inspired by the "Steps" paper, but aims to design
something that is incrementally deployable today. The general idea is
to set up protected servernets that can span multiple ISPs.
Traffic coming into the servernets is forced through control
points which use encapsulation to mark the traffic in such a way
that the server knows which control points are willing to assist it in
shutting down unwanted traffic.
- Also Mac PPT slides.
- Policing Congestion Response in an Internetwork using Re-feedback
- Bob Briscoe, Arnaud Jacquet, Carla Di Cairano-Gilfredder, Alessandro Salvatori, Andrea Soppera, Martin Koyabe.
- Proc. ACM SIGCOMM 2005, Philadelphia, PA, USA.
- This paper introduces the re-feedback mechanism, which feeds back
information about the congestion level (or other properties) of the
path to the sender, whereupon this information is re-inserted into
subsequent packets. The result is that the sender has no incentive to
understate or overstate the congestion level: if he understates it, his
traffic will be dropped near the receiver; if he overstates it, he
gets policed near the source. This mechanism is then embedded in an
incentive framework for inter-provider economics.
- The Case for Pushing DNS
- Mark Handley, Adam Greenhalgh
- Not yet published.
- This paper presents a brute-force approach to solving DNS DoS problems by using a peer-to-peer infrastructure to simply push signed DNS records to hundreds of thousands of nameservers worldwide.