Michael Walfish, Hari Balakrishnan, David Karger, Scott Shenker
4th ACM Workshop on Hot Topics in Networks (HotNets), College Park, MD, November 2005
We consider DoS attacks on servers in which attackers' requests are
indistinguishable from legitimate requests. Most current defenses
against this class of attack rely on legitimate users in aggregate
having more of some resource (CPU cycles, memory cycles, human
attention, etc.) than attackers. A server so defended asks prospective
clients to prove their legitimacy by spending some of this resource. We
adopt this general approach but use bandwidth as the constrained
resource. Specifically, we argue that when a server is attacked, it
should: (1) prevent overloading by limiting the incoming rate of
requests (and dropping all others) and (2) encourage its legitimate
clients to fight back with aggressive retransmission. This approach
forces all clients to spend bandwidth to receive service, and the
legitimate clients, with their greater aggregate bandwidth, will receive
the bulk of the service.
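The allocation argument above, as an added example that is not from the paper: a small simulation in which the server admits at most a fixed number of requests per tick and drops the rest. The uniform-random admission policy, the function names, and all rates are assumptions chosen for illustration.

```python
import random

def good_share(good_rate, bad_rate, capacity, ticks=2000, seed=1):
    """Fraction of admitted requests that came from legitimate clients.

    Assumed model: every tick the server sees good_rate + bad_rate
    indistinguishable requests, admits at most `capacity` of them chosen
    uniformly at random, and drops all others.
    """
    rng = random.Random(seed)
    served_good = served_total = 0
    for _ in range(ticks):
        arrivals = ["good"] * good_rate + ["bad"] * bad_rate
        if len(arrivals) <= capacity:
            admitted = arrivals              # no overload, nothing dropped
        else:
            admitted = rng.sample(arrivals, capacity)
        served_good += admitted.count("good")
        served_total += len(admitted)
    return served_good / served_total if served_total else 0.0

def compare(good_demand, good_bandwidth, bad_bandwidth, capacity):
    """Legitimate share of service before and after clients retransmit.

    Before: legitimate clients send only their normal demand while
    attackers already send at their full bandwidth.
    After: legitimate clients retransmit until they use their full
    aggregate bandwidth, so the share tracks bandwidth, not demand.
    """
    passive = good_share(good_demand, bad_bandwidth, capacity)
    fighting = good_share(good_bandwidth, bad_bandwidth, capacity)
    return passive, fighting

if __name__ == "__main__":
    # Constructed numbers (requests per tick), not measurements.
    passive, fighting = compare(good_demand=50, good_bandwidth=900,
                                bad_bandwidth=300, capacity=40)
    print(f"legitimate share without retransmission: {passive:.2f}")
    print(f"legitimate share with retransmission:    {fighting:.2f}")
```

Under this model the legitimate share converges to good/(good + bad) of the arriving request rate, which is why it rises once legitimate clients spend their larger aggregate bandwidth.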
Bibtex Entry:
@inproceedings{walfish2005dos,
  author = "Michael Walfish and Hari Balakrishnan and David Karger and Scott Shenker",
  title = "{DoS: Fighting Fire with Fire}",
  booktitle = {4th ACM Workshop on Hot Topics in Networks (HotNets)},
  year = {2005},
  month = {November},
  address = {College Park, MD}
}