• Documents
  • Authors
  • Tables
  • Log in
  • Sign up
  • MetaCart
  • DMCA
  • Donate

CiteSeerX logo

Advanced Search Include Citations
Advanced Search Include Citations

DMCA

A DoS-limiting network architecture (2005)

Cached

  • Download as a PDF

Download Links

  • [www.ics.forth.gr]
  • [www.ics.forth.gr]
  • [www.ics.forth.gr]
  • [www.cs.washington.edu]
  • [www.ics.uci.edu]
  • [www.news.cs.nyu.edu]
  • [www.cs.duke.edu]
  • [djw.cs.washington.edu]
  • [www.cs.duke.edu]
  • [www.cs.northwestern.edu]
  • [www.it.uu.se]
  • [www.it.uu.se]
  • [www.utdallas.edu]
  • [ftp.cs.duke.edu]
  • [user.informatik.uni-goettingen.de]
  • [cs.northwestern.edu]
  • [www.cs.colostate.edu]
  • [www.utdallas.edu]
  • [www.news.cs.nyu.edu]
  • [www.cs.duke.edu]
  • [www.utdallas.edu]

    • Other Repositories/Bibliography

  • DBLP
  • Save to List
  • Add to Collection
  • Correct Errors
  • Monitor Changes
by Xiaowei Yang
Venue:In Proceedings of ACM SIGCOMM
Citations:191 - 6 self
  • Summary
  • Citations
  • Active Bibliography
  • Co-citation
  • Clustered Documents
  • Version History

BibTeX

@INPROCEEDINGS{Yang05ados-limiting,
    author = {Xiaowei Yang},
    title = {A DoS-limiting network architecture},
    booktitle = {In Proceedings of ACM SIGCOMM},
    year = {2005},
    pages = {241--252},
    publisher = {ACM Press}
}

Share

Facebook Twitter Reddit Bibsonomy

OpenURL

 

Abstract

We present the design and evaluation of TVA, a network architecture that limits the impact of Denial of Service (DoS) floods from the outset. Our work builds on earlier work on capabilities in which senders obtain short-term authorizations from receivers that they stamp on their packets. We address the full range of possible attacks against communication between pairs of hosts, including spoofed packet floods, network and host bottlenecks, and router state exhaustion. We use simulation to show that attack traffic can only degrade legitimate traffic to a limited extent, significantly outperforming previously proposed DoS solutions. We use a modified Linux kernel implementation to argue that our design can run on gigabit links using only inexpensive off-the-shelf hardware. Our design is also suitable for transition into practice, providing incremental benefit for incremental deployment.

Keyphrases

dos-limiting network architecture    attack traffic    incremental deployment    work build    do solution    possible attack    spoofed packet flood    short-term authorization    router state exhaustion    inexpensive off-the-shelf hardware    limited extent    gigabit link    host bottleneck    full range    legitimate traffic    network architecture    modified linux kernel implementation    incremental benefit   

Powered by: Apache Solr
  • About CiteSeerX
  • Submit and Index Documents
  • Privacy Policy
  • Help
  • Data
  • Source
  • Contact Us

Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University