DDoS Attacks and Pushback
1 DDoS Attacks and Pushback. Steven M. Bellovin, AT&T Labs Research, Florham Park, NJ 7932. December 5, 2
2 Joint Work: Joint work with Ratul Mahajan (U. of Washington), Vern Paxson, Sally Floyd, and Scott Shenker (all of ACIRI). Graphs from simulations done by Mahajan. Based on ideas from informal DDoS research group (Steven M. Bellovin, Matt Blaze, Bill Cheswick, Cory Cohen, Jon David, Jim Duncan, Jim Ellis, Paul Ferguson, John Ioannidis, Marcus Leech, Perry Metzger, Robert Stone, Vern Paxson, Ed Vielmetti, Wietse Venema).
3 Basic Idea: DDoS attacks result in massive, sustained congestion at some link. The router ends up discarding many packets, throwing away the good with the bad. Statistically, most discarded packets are from attackers. When many packets from a given upstream link are discarded, ask that upstream router to discard the packets instead. Apply the process recursively.
4 Test Topology [Diagram: hosts Bad, Poor, Good, Good; routers R2, R3, R1; 1 Mbps congested link; Target.]
5 Test Topology: Good and Poor are legitimate, well-behaved users of Target. Well-behaved connections throttle back their sending rate during congestion. But Poor happens to share a router with the attacker, Bad. The link from R1 to Target is the bottleneck.
6 [Figure: Legitimate Users at 2 Mbps, Default. Received bandwidth (in Mbps) of Bad Guy, Poor Guy and Good Guy versus sending rate of Bad Guy (in Mbps).]
7 [Figure: Legitimate Users at 2 Mbps, Local Control (local rate-limiting only). Received bandwidth (in Mbps) of Bad Guy, Poor Guy and Good Guy versus sending rate of Bad Guy (in Mbps).]
8 [Figure: Legitimate Users at 2 Mbps, Pushback Enabled. Received bandwidth (in Mbps) of Bad Guy, Poor Guy and Good Guy versus sending rate of Bad Guy (in Mbps).]
9 [Figure: Legitimate Users of TCP, Default. Received bandwidth (in Mbps) of Bad Guy, Poor Guy and Good Guy versus sending rate of Bad Guy (in Mbps).]
10 [Figure: Legitimate Users of TCP, Local Control (local rate-limiting only). Received bandwidth (in Mbps) of Bad Guy, Poor Guy and Good Guy versus sending rate of Bad Guy (in Mbps).]
11 [Figure: Legitimate Users of TCP, Pushback Enabled. Received bandwidth (in Mbps) of Bad Guy, Poor Guy and Good Guy versus sending rate of Bad Guy (in Mbps).]
12 [Figure: Web-like Traffic, Default. Received bandwidth (in Mbps) of Bad Guy, Poor Guy and Good Guy versus number of sessions in Bad Aggregate.]
13 [Figure: Web-like Traffic, Local Control (local rate-limiting only). Received bandwidth (in Mbps) of Bad Guy, Poor Guy and Good Guy versus number of sessions in Bad Aggregate.]
14 [Figure: Web-like Traffic, Pushback Enabled. Received bandwidth (in Mbps) of Bad Guy, Poor Guy and Good Guy versus number of sessions in Bad Aggregate.]
15 [Figure: Web-like Traffic, Packet Drop Rate. Ambient drop rate over the whole simulation versus number of TCP connections in Bad Aggregate; series include Default and Local.]
16 Design Details: Pushback is implemented as a rate limit before the output queue; anything below that rate simply goes in the output queue with everything else. RED-initiated packet discards are used to find the traffic from a flash crowd or DDoS attack. Upstream routers report their behavior to their downstream neighbors. Pushback requests are soft state: the requesting router must refresh the requests.
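The mechanism from the Basic Idea and Design Details slides, as an added example that is not part of the talk: a fluid-model sketch in Python on the test topology, showing the recursive request, the rate limit applied before the output queue, and soft-state expiry. Assumptions: Bad and Poor attach to R2 and the two Good hosts to R3; every sender transmits at a constant rate (no TCP back-off); limits are max-min fair shares of the congested link; the 0.2 Mbps legitimate rates and the 5-second request lifetime are constructed values.

```python
# Added example: fluid model of pushback on the slides' test topology.
CAPACITY_MBPS = 1.0      # R1 -> Target bottleneck, from the topology slide
REQUEST_LIFETIME = 5.0   # assumed soft-state lifetime of a request, in seconds


class Router:
    def __init__(self, name, inputs):
        self.name = name
        self.inputs = inputs   # upstream name -> Router, or a host's rate in Mbps
        self.limit = None      # rate limit applied before the output queue
        self.expires = 0.0     # soft state: the limit lapses unless refreshed

    def rates(self, now, honor_limits=True):
        """Per-source Mbps leaving this router toward Target."""
        out = {}
        for name, up in self.inputs.items():
            if isinstance(up, Router):
                out.update(up.rates(now, honor_limits))
            else:
                out[name] = up
        total = sum(out.values())
        limited = honor_limits and self.limit is not None and now < self.expires
        if limited and total > self.limit:
            # Traffic above the limit is discarded here, not at the bottleneck.
            out = {src: r * self.limit / total for src, r in out.items()}
        return out


def max_min_share(demands, capacity):
    """Max-min fair split of capacity among upstream links (assumed policy)."""
    alloc, remaining, cap = {}, dict(demands), capacity
    while remaining:
        share = cap / len(remaining)
        small = [k for k, d in remaining.items() if d <= share]
        if not small:
            alloc.update({k: share for k in remaining})
            break
        for k in small:
            alloc[k] = remaining.pop(k)
            cap -= alloc[k]
    return alloc


def pushback(router, capacity, now):
    """Ask upstream routers that exceed their share to rate-limit; recurse.

    Demands ignore existing limits, standing in for the status reports that
    upstream routers send to their downstream neighbors.
    """
    demands = {}
    for name, up in router.inputs.items():
        if isinstance(up, Router):
            demands[name] = sum(up.rates(now, honor_limits=False).values())
        else:
            demands[name] = up
    if sum(demands.values()) <= capacity:
        return []                                  # no congestion, no request
    shares = max_min_share(demands, capacity)
    asked = []
    for name, up in router.inputs.items():
        if isinstance(up, Router) and demands[name] > shares[name]:
            up.limit, up.expires = shares[name], now + REQUEST_LIFETIME
            asked.append((router.name, name, round(shares[name], 3)))
            asked += pushback(up, shares[name], now)   # apply recursively
    return asked


def received(r1, now):
    """Mbps each source gets through the bottleneck (proportional drops)."""
    arriving = r1.rates(now)
    total = sum(arriving.values())
    scale = min(1.0, CAPACITY_MBPS / total) if total else 1.0
    return {src: r * scale for src, r in arriving.items()}


def build_topology(bad_rate):
    # Constructed rates: each legitimate host sends 0.2 Mbps.
    r2 = Router("R2", {"Bad": bad_rate, "Poor": 0.2})
    r3 = Router("R3", {"Good1": 0.2, "Good2": 0.2})
    return Router("R1", {"R2": r2, "R3": r3})


if __name__ == "__main__":
    r1 = build_topology(bad_rate=4.0)
    print("default       ", received(r1, now=0.0))
    print("requests      ", pushback(r1, CAPACITY_MBPS, now=0.0))
    print("pushback on   ", received(r1, now=1.0))
    print("not refreshed ", received(r1, now=6.0))   # request has expired
```

In this model the Good hosts recover their full rate once R2 is limited, while Poor, sharing R2 with Bad, is throttled along with the attack traffic; letting the request expire without a refresh returns the bottleneck to the default behaviour.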
17 Open Issues: What are the proper time and drop rate constants? Can we easily detect likely attack aggregates? How diffuse an attack can this handle? Is this useful as a more general traffic management technique?
18 Status: Simulations and other theoretical studies continuing. (Should have draft paper in a couple of months.) Trial implementation (based on FreeBSD) being built by John Ioannidis. Still a research area; not yet ready for implementation by router vendors.