Using Packet Symmetry to Curtail Malicious Traffic
作者: Jon Crowcroft , Andrew Warfield , Christian Kreibich , Steven Hand , Ian Pratt
DOI:
关键词:
摘要: This paper argues that a key omission from the original Internet architecture was of packet dynamics. The historical obsession with end-to-end design has resulted in connection signalling, flowand congestion-control loops being pushed to transport layer (if not simply ignored); these decisions have effectively legislated for sort resource exploitation attacks are problem today. We argue while is vital maximise freedom innovate, network must enforce higher degree mutual consent between communicating hosts.
sigcomm.org 参考文章(17)
Christian Kreibich, Ian A. Pratt, Evan P. Harris, Andrew W. Moore, James A. Hall, Architecture of a network monitor ,(2003)
Andrew W. Moore, Konstantina Papagiannaki, Toward the Accurate Identification of Network Applications Lecture Notes in Computer Science. pp. 41- 54 ,(2005) , 10.1007/978-3-540-31966-5_4
Thomer M. Gil, Massimiliano Poletto, MULTOPS: a data-structure for bandwidth attack detection usenix security symposium. pp. 3- 3 ,(2001) , 10.21236/ADA401819
D. Senie, P. Ferguson, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing RFC 2827-BCP 38. ,vol. 2267, pp. 1- 10 ,(1998)
Stefan Savage, Neal Cardwell, David Wetherall, Tom Anderson, TCP congestion control with a misbehaving receiver ACM SIGCOMM Computer Communication Review. ,vol. 29, pp. 71- 78 ,(1999) , 10.1145/505696.505704
Tom Anderson, Timothy Roscoe, David Wetherall, Preventing Internet denial-of-service with capabilities acm special interest group on data communication. ,vol. 34, pp. 39- 44 ,(2004) , 10.1145/972374.972382
F. Baker, P. Savola, Ingress Filtering for Multihomed Networks RFC. ,vol. 3704, pp. 1- 16 ,(2004)
Katerina Argyraki, David R. Cheriton, Active internet traffic filtering: real-time response to denial-of-service attacks usenix annual technical conference. pp. 10- 10 ,(2005)
J. Mirkovic, G. Prier, P. Reiher, Attacking DDoS at the source international conference on network protocols. pp. 312- 321 ,(2002) , 10.1109/ICNP.2002.1181418
Mark Handley, Adam Greenhalgh, Steps towards a DoS-resistant internet architecture acm special interest group on data communication. pp. 49- 56 ,(2004) , 10.1145/1016707.1016717