DDOS Defense by Offense OFFENSE Presented by: Anup Goyal Aojan Su

Upload: heather-richards

Post on 17-Dec-2015



DDOS Defense by Offense

OFFENSE

Presented by: Anup Goyal

Aojan Su


Objections

Several objections identified by the authors themselves:

Bandwidth envy

Flash crowds

Variable bandwidth cost

Is it practical in the real Internet?


Clients’ upload capacity

Clients with limited upload capacity (dialup users) cannot “speak up”.

They can’t increase their chance of obtaining service. In the worst case, they can suffer when everyone else speaks up.
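The capacity objection on this slide, worked through as an added example (not from the slides or from the speak-up authors): a toy model that assumes the thinner admits, each time the server frees up, the client that has delivered the most payment bits since its last win. The client names, rates and server capacity are constructed.

```python
"""Toy model of a speak-up style bandwidth auction (added illustration)."""


def auction_shares(upload_bps, server_rate, seconds):
    """Return the fraction of served requests won by each client.

    Assumed model: the server finishes `server_rate` requests per second.
    Each time it frees up, the thinner admits the client that has delivered
    the most payment bits since its last win and zeroes that client's
    counter. Every client sends payment traffic at its full upload capacity.
    """
    paid = {name: 0.0 for name in upload_bps}
    wins = {name: 0 for name in upload_bps}
    for _ in range(int(seconds * server_rate)):
        # Bits each client delivers during one service interval.
        for name, bps in upload_bps.items():
            paid[name] += bps / server_rate
        winner = max(paid, key=paid.get)  # highest bidder is admitted
        wins[winner] += 1
        paid[winner] = 0.0
    total = sum(wins.values())
    return {name: n / total for name, n in wins.items()}


def bandwidth_shares(upload_bps):
    """Each client's fraction of the total upload capacity."""
    total = sum(upload_bps.values())
    return {name: bps / total for name, bps in upload_bps.items()}


# Constructed population: nine 1 Mbit/s clients and one 56 kbit/s dialup user.
CLIENTS = {f"broadband-{i}": 1_000_000 for i in range(1, 10)}
CLIENTS["dialup"] = 56_000

if __name__ == "__main__":
    served = auction_shares(CLIENTS, server_rate=10, seconds=200)
    by_bandwidth = bandwidth_shares(CLIENTS)
    equal = 1 / len(CLIENTS)  # share if the server picked clients uniformly
    for name in ("broadband-1", "dialup"):
        print(f"{name:12s} served={served[name]:.4f} "
              f"bandwidth={by_bandwidth[name]:.4f} equal={equal:.4f}")
```

In this model the dialup client's share of service tracks its share of total upload capacity rather than the equal share it would get if the server picked among the ten clients uniformly.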


Can’t detect malicious client

Even good clients need to flood the server to get service.

It could be much more difficult to detect attackers.


Access Link Congestion

If the access link of the thinner is congested, legitimate clients would back off due to congestion control.

Attackers could ignore congestion control and send at higher capacity.


Edge Network Flooding

Good clients’ flooding traffic affects edge networks through increased traffic volumes, potentially harming other flows.


Problem for good guys

No good way to accommodate clientèle (good and bad) coming from the same location.

A good client always loses when sharing a bottleneck link.


Impact on Other Traffic

THIS IS BAD !!!!


Problems Unaddressed/overlooked

Effect of low-rate attacks not addressed.

Bad clients also have spare bandwidth.

Assumptions hold because of the nature of current network characteristics.

How to detect when these assumptions break?

Switch off speak-up (automatically?) under these conditions.

Effect of various traffic patterns? (i.e. heavy-tail distribution)


My Question

Are speak-up’s assumptions reasonable? “The thinner is never congested”?

Impact on network

Good traffic amplifier?

How much bandwidth will be wasted for dummy bytes?


Primary Focus on HTTP

Focus primarily on Web traffic and its properties (e.g. HTTP).

Does not mention its usefulness for any other situation or protocol.


Market Survey Missing

The researchers have not done a market survey, thus all their findings are theoretical.

Consideration of economic issues is missing.


Extra hardware

There is extra hardware (the thinner) that has to sit in front of any server we want to protect with speak-up.

Expensive

Single Point of Failure