The vast expansion of interconnectivity with the Internet and the rapid evolution of highly-capable but largely insecure mobile devices threatens cellular networks. In this paper, we characterize the impact of the large scale compromise and coordination of mobile phones in attacks against the core of these networks. Through a combination of measurement, simulation and analysis, we demonstrate the ability of a botnet composed of as few as 11,750 compromised mobile phones to degrade service to area-code sized regions by 93%. As such attacks are accomplished through the execution of network service requests and not a constant stream of phone calls, users are unlikely to be aware of their occurrence. We then investigate a number of significant network bottlenecks, their impact on the density of compromised nodes per base station and how they can be avoided. We conclude by discussing a number of countermeasures that may help to partially mitigate the threats posed by such attacks. 1.

We present the design and implementation of OverDoSe, an overlay network offering generic DDoS protection for targeted sites. OverDoSe clients and servers are isolated at the IP level. Overlay nodes route packets between a client and a server, and regulate traffic according to the server’s instructions. Through the use of light-weight security primitives, OverDoSe achieves resilience against compromised overlay nodes with a minimal performance overhead. OverDoSe can be deployed by a single ISP who wishes to offer DDoS protection as a value-adding service to its customers. Keywords: overlay network, Distributed Denial-of-Service, computational puzzle, compromised overlay nodes, request channel

Flooding attacks, where an attacker attempts to exhaust the downstream bandwidth of a server, are particularly difficult to defend against. Unlike other forms of DDoS such as SYN-flooding, computation attacks

Abstract. We consider the problem of designing scalable and robust information systems based on multiple servers that can survive even massive denial-of-service (DoS) attacks. More precisely, we are focusing on designing a scalable distributed hash table (DHT) that is robust against so-called past insider attacks. In a past insider attack, an adversary knows everything about the system up to some time point t0 not known to the system. After t0, the adversary can attack the system with a massive DoS attack in which it can block a constant fraction of the servers of its choice. Yet, the system should be able to survive such an attack in a sense that for any set of lookup requests, one per non-blocked (i.e., non-DoS attacked) server, every lookup request to a data item that was last updated after t0 can be served by the system, and processing all the requests just needs polylogarithmic time and work at every server. We show that such a system can be designed. 1

Despite a plethora of research in the area, none of the mechanisms proposed so far for Denial-of-Service (DoS) mitigation has been widely deployed. We argue in this paper that these deployment difficulties are primarily due to economic inefficiency, rather than to technical shortcomings of the proposed DoS-resilient technologies. We identify economic phenomena, negative externality—the benefit derived from adopting a technology depends on the action of others—and economic incentive misalignment—the party who suffers from an economic loss is different from the party who is in the best position to prevent that loss—as the main stumbling blocks of adoption. Our main contribution is a novel DoS mitigation architecture, Burrows, with an economic incentive realignment property. Burrows is obtained by re-factoring existing key DoS mitigation technologies, and can increase the “social welfare,” i.e., economic benefit, of the entire Internet community—both infrastructure providers and the Internet users. At the core of Burrows is a wide-area virtual private network, or secure overlay, carved out of the existing Internet. Entry points into the Burrows overlay are controlled by gateways, which in addition to providing connectivity, minimize negative externality flowing between Burrows and the Internet. To rectify the aforementioned economic incentive misalignment, the power to realize Burrows is put into the hands of the Internet users. In addition, Burrows

Abstract not found

Version: 004

Proxy networks have been proposed to protect applications from Denial-of-Service (DoS) attacks. However, since large-scale study in real networks is infeasible and most previous simulations have failed to capture detailed network behavior, the DoS resilience and performance implications of such use are not well understood in large networks. While post-mortems of actual large-scale attacks are useful, only limited dynamic behavior can be understood from these single instances. Our work provides the first detailed and broad study of this problem in large-scale realistic networks. The key is that we use an online network simulator to simulate a realistic large-scale network (comparable to several large ISPs). We use a generic proxy network, and deploy it in a large simulated network using typical real applications and DoS tools directly. We study detailed system dynamics under various attack scenarios and proxy network configurations. Specific results are as follows. First, rather than incurring a performance penalty, proxy networks can improve users experienced performance. Second, proxy networks can effectively mitigate the impact of both spread and concentrated large-scale DoS attacks in large networks. Third, proxy networks provide scalable DoS-resilience resilience can be scaled up to meet the size of the attack, enabling application performance to be protected. Resilience increases almost linearly with the size of a proxy network; that is, the attack traffic that a given proxy network can resist, while preserving a particular level of application performance, grows almost linearly with proxy network size. These results provide empirical evidence that proxy networks can be used to tolerate DoS attacks and quantitative guidelines for designing a proxy ne...

It has long been known to researchers that address spoofing on the Internet is a serious problem.

Distributed Denial Of Service (DDoS) attacks are familiar threats to Internet users for more than ten years. Such attacks are carried out by a “Bot net”, an army of zombie hosts spread around the Internet, that overwhelm the bandwidth toward their victim Web server, by sending traffic upon command. This paper introduces WDA, a novel architecture to attenuate the DDoS attacker’s bandwidth. WDA is especially designed to protect Web farms. WDA is asymmetric and only monitors and protects the uplink toward the Web farm, which is the typical bottleneck in DDoS attacks. Legitimate traffic toward Web farms is very distinctive since it is produced by humans using Web browsing software. Specifically, such upload traffic has low volume, and more importantly, has long off times that correspond to human view time. WDA utilizes these properties of legitimate client traffic to distinguish it from attack traffic, which tends to be continuous and heavy. A key feature of WDA is in its use of randomized thresholds that trap and penalize deterministic zombie traffic that tries to mimic human client patterns. WDA’s heart is WDAQ, a novel active queue management mechanism aimed to prefer legitimate client traffic over attacker traffic. With WDA installed, the attacker traffic toward the victim is attenuated. Extensive simulation results show that WDA can defeat simple flooding attacks, and can attenuate the bandwidth usable by sophisticated WDA-aware attacks by orders of magnitude. As a consequence, the attacker must increase his “bot-net ” size by the same factor, to compensate for the effects of WDA. Our simulations show that WDA can defend a typical Web farm from DDoS attacks launched by hundreds of thousands zombies, while keeping legitimate clients ’ service degradation under ten percent.