Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild
作者: Christoph Dietzel , Anja Feldmann , Thomas King
DOI: 10.1007/978-3-319-30505-9_24
关键词:
摘要: DDoS attacks remain a serious threat not only to the edge of Internet but also core peering links at Exchange Points (IXPs). Currently, main mitigation technique is blackhole traffic specific IP prefix upstream providers. Blackholing an operational that allows peer announce via BGP another peer, which then discards destined for this prefix. However, as far we know there anecdotal evidence success blackholing.
springer.com
core.ac.uk
mpg.de
sci-hub.se 参考文章(30)
A.T. Mizrak, S. Savage, K. Marzullo, Detecting compromised routers via packet forwarding behavior IEEE Network. ,vol. 22, pp. 34- 39 ,(2008) , 10.1109/MNET.2008.4476069
Thomas Hupperich, Marc Kührer, Christian Rossow, Thorsten Holz, Exit from hell? reducing the impact of amplification DDoS attacks usenix security symposium. pp. 111- 125 ,(2014)
J. M. Gonzalez, M. Anwar, J. B. D. Joshi, A trust-based approach against IP-spoofing attacks conference on privacy, security and trust. pp. 63- 70 ,(2011) , 10.1109/PST.2011.5971965
J. Mirkovic, G. Prier, P. Reiher, Source-end DDoS defense network computing and applications. pp. 171- 178 ,(2003) , 10.1109/NCA.2003.1201153
David Andersen, Hari Balakrishnan, Frans Kaashoek, Robert Morris, Resilient overlay networks symposium on operating systems principles. ,vol. 35, pp. 131- 145 ,(2001) , 10.1145/502034.502048
Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, Scott Shenker, Controlling high bandwidth aggregates in the network acm special interest group on data communication. ,vol. 32, pp. 62- 73 ,(2002) , 10.1145/571697.571724
S. Abdelsayed, D. Glimsholt, C. Leckie, S. Ryan, S. Shami, An efficient filter for denial-of-service bandwidth attacks global communications conference. ,vol. 3, pp. 1353- 1357 ,(2003) , 10.1109/GLOCOM.2003.1258459
Stephen M. Specht, Ruby B. Lee, Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures ISCA PDCS. pp. 543- 550 ,(2004)
Kihong Park, Heejo Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications - SIGCOMM '01. ,vol. 31, pp. 15- 26 ,(2001) , 10.1145/383059.383061
Saman Taghavi Zargar, James Joshi, David Tipper, A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks IEEE Communications Surveys and Tutorials. ,vol. 15, pp. 2046- 2069 ,(2013) , 10.1109/SURV.2013.031413.00127