DoS-Resistant Internet WG: Architectural Solutions

The following is a list of the architectural ideas we are exploring as part of the CRN DoS-Resistant Internet WG.

Steps Towards a DoS-Resistant Internet Architecture
Mark Handley and Adam Greenhalgh.
ACM SIGCOMM Workshop on Future Directions in Network Architecture (FDNA 2004).
This paper discusses changing the addressing architecture of the Internet, in such a way that source-address spoofing becomes impossible, and worms become more difficult to spread.
Also Mac PPT slides.

Using Routing and Tunneling to Combat DoS Attacks
Adam Greenhalgh, Mark Handley, Felipe Huici
Proc. Usenix workshop on Steps to Reducing Unwanted Traffic on the Internet, Cambridge, MA, July 2005.
This paper was inspired by the "Steps" paper, but aims to design something that is incrementally deployable today. The general idea is to set up protected servernets that can span multiple ISPs. Traffic coming into the servernets is forced through control points, which use encapsulation to mark the traffic in such a way that the server knows which control points are willing to assist it in shutting down unwanted traffic.
Also Mac PPT slides.

Policing Congestion Response in an Internetwork using Re-feedback
Bob Briscoe, Arnaud Jacquet, Carla Di Cairano-Gilfredder, Alessandro Salvatori, Andrea Soppera, Martin Koyabe.
Proc. ACM SIGCOMM 2005, Philadelphia, PA, USA.
This paper introduces the re-feedback mechanism, which feeds back information about the congestion level (or other properties) of the path to the sender, whereupon this information is re-inserted into subsequent packets. The result is that the sender has no incentive to understate or overstate the congestion level: if he understates it, his traffic will be dropped near the receiver; if he overstates it, he gets policed near the source. This mechanism is then embedded in an incentive framework for inter-provider economics.

The Case for Pushing DNS
Mark Handley, Adam Greenhalgh
Not yet published.
This paper presents a brute-force approach to solving DNS DoS problems by using a peer-to-peer infrastructure to simply push signed DNS records to hundreds of thousands of nameservers worldwide.