angelos,misra,danr¥ Denial of service (DoS) attacks continue to threaten the reliability of networking systems. Previous approaches for protecting networks from DoS attacks are reactive in that they wait for an attack to be launched before taking appropriate measures to protect the network. This leaves the door open for other attacks that use more sophisticated methods to mask their traffic. We propose an architecture called Secure Overlay Services (SOS) that proactively prevents DoS attacks, geared toward supporting Emergency Services or similar types of communication. The architecture is constructed using a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by (i) performing intensive filtering near protected network edges, pushing the attack point perimeter into the core of the network, where high-speed routers can handle the volume of attack traffic, and (ii) introducing randomness and anonymity into the architecture, making it difficult for an attacker to target nodes along the path to a specific SOS-protected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOSprotected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels.

Enabling mobility in IP networks is an important issue for making use of the many light-weight devices appearing at the market. The IP mobility support being standardized in the IETF uses tunnelling of IP packets from a Home Agent to a Foreign Agent to make the mobility transparent to the higher layer. There are a number of problems associated with Mobile IP, such as triangular routing, each host needing a home IP address, tunnelling management, etc. In this paper, we propose to use mobility support in the application layer protocol SIP where applicable, in order to support real-time communication in a more efficient way.

Abstract not found

Current routing protocols assume that routers are connected by bidirectional links. However, in an increasing number of configurations, pairs of routers may be connected by unidirectional links. Existing routing protocols do not work properly in such configuration. A particular example is GEO satellite links with receive-only hardware and a back channel through a bidirectional network. In this paper we present two approaches to allow dynamic routing in this configuration. One is based on routing protocol modification and the other on tunneling, both currently discussed within the IETF UDLR working group. More general examples include networks where several links can be unidirectional. Neither routing protocol modifications nor tunneling are applicable in such configuration. We have therefore designed a new protocol based on circuit discovery. We describe this protocol which allows dynamic routing in networks where all links are unidirectional.

We present a networking model that treats a user's set of personal devices as a MOPED, an autonomous set of MObile grouPEd Devices, which appears as a single entity to the rest of the Internet. As the user moves through different environments, the devices cooperate as a coordinated local area network that provides the user the desired mobile services. All communication for a user is directed to a single point of presence on the Internet, essentially an IP address for the MOPED. These personal devices can cooperate to achieve better resource utilization, such as by sharing available communication bandwidth. We present the basic networking functionality necessary to enable the operation of MOPEDs, and their integration into the Internet. We introduce a middleware layer to extend IP routing to work with MOPEDs, and a lightweight IP encapsulation protocol, Multipath Routing enCAPsulation (MRCAP), used to implement that middleware.

With the huge growth and the market for laptop and palmtop computer purchases, a rapid increase of mobile usage in the Internet is expected. As mobile nodes move in a wireless computer network, a mobile node must determine when to switch its link-level point of attachment to the wired network. In this paper, we present six cell switching techniques and discuss their attributes. Specifically, we present the Late, Early, and Strong cell switching techniques and three variations of them. We then investigate the performance of these six techniques to discover the best method a mobile node should use to determine when to perform its re-attachment to the wired network.

This paper discusses about transmission of Voice over Mobile IP. It is basically about transmitting voice over Mobile IP unlike the usual standard IP protocol. It discusses the key issues related to the Voice over IP and the standard protocols supporting it. It discusses how the protocols SIP, RTP are modified to attain the mobility of the protocols. Here we discussed about SIP mobility, RTP mobility and Route Optimization in Mobile IP describing how they are attained. 1.

Enterprise mobile users are an important user segment benefiting from secure and mobile access to enterprise resources. We discuss the current status of the integration of Mobile IPv4 and IPsec, and discuss issues relevant to enterprise mobile users currently under standardization or not being standardized at all. We conclude that the current standards are sufficient for basic enterprise use. However, providing interoperability and ease-of-use simultaneously requires more work on automatic configuration of protocol parameters, on a common authentication infrastructure, and on resolving some particular router and firewall issues.

We describe the mbuf tag API, a mechanism for tagging data as they flow through the network stack. Originally introduced in OpenBSD, mbuf tags were initially intended for use by the IPsec stack. The API has matured enough to be used by several other kernel components, and formed the basis for the FreeBSD mbuf tags. We present the API, discuss its various uses in the OpenBSD network stack, and describe some plans for future work. Our goal is to demonstrate the flexibility of this relatively simple mechanism and expose it to other kernel developers.

draft-ietf-mobileip-ipv6-22.txt