http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html fighting the ddos menace!


Upload: jemima-oliver

Post on 14-Jan-2016


http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html

Fighting the DDoS Menace!

Recent High Profile DDoS Attacks

● Protx (online payments processing firm): October 31st

● WeaKnees.com, RapidSatellite.com (e-commerce): October 6th

● WorldPay (section of Royal Bank of Scotland): October 4th

● Authorize.net (US credit card processing firm): September 23rd

Fighting the Good Fight

● Aggregate-based congestion control (ACC)

– identify a pattern of packets

– apply a rate-limiter to the pattern(s)

● Local ACC versus Global ACC

– allow a router to request adjacent upstream routers to rate-limit traffic corresponding to a specific aggregate.
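
A minimal single-router (local ACC) sketch of the two steps above, added here as an illustration; it is not code from the slides or from Mahajan et al. It assumes an aggregate is a destination /24 prefix picked from the router's recent drop history and that the limiter is a token bucket; all names, thresholds and addresses are constructed.

```python
import ipaddress
from collections import Counter

def find_aggregates(dropped_dsts, prefix_len=24, share=0.5):
    """Identify step: prefixes responsible for more than `share` of recent drops."""
    counts = Counter(
        str(ipaddress.ip_network(f"{d}/{prefix_len}", strict=False))
        for d in dropped_dsts)
    total = sum(counts.values())
    return {p for p, n in counts.items() if total and n / total > share}

class TokenBucket:
    """Rate limiter for one aggregate (rate in packets per second)."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class LocalACC:
    """Apply step: one limiter per identified aggregate."""
    def __init__(self, limited_prefixes, rate, burst):
        self.buckets = {ipaddress.ip_network(p): TokenBucket(rate, burst)
                        for p in limited_prefixes}

    def forward(self, dst, now):
        addr = ipaddress.ip_address(dst)
        for net, bucket in self.buckets.items():
            if addr in net:
                return bucket.allow(now)   # limited aggregate
        return True                        # other traffic is untouched

def simulate():
    # Constructed drop history: 90% of drops go to one destination prefix.
    drops = ["192.0.2.10"] * 80 + ["192.0.2.77"] * 10 + ["198.51.100.5"] * 10
    aggregates = find_aggregates(drops)
    acc = LocalACC(aggregates, rate=100, burst=10)
    # One second of traffic: 1000 pkt/s into the aggregate, 50 pkt/s elsewhere.
    flood = sum(acc.forward("192.0.2.10", i / 1000) for i in range(1000))
    other = sum(acc.forward("198.51.100.5", i / 50) for i in range(50))
    return aggregates, flood, other
```

The limiter restricts the whole aggregate, so legitimate packets to the limited prefix are dropped along with attack packets; only traffic outside the aggregate is protected.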

An Illustrated Example

“Controlling High Bandwidth Aggregates in the Network” (Mahajan et al, 2001)

ACC Works???

The Scalable Simulation Framework (http://www.ssfnet.org)

● focus on scalability

– model scalability: # of nodes, traffic flows, bandwidth, system heterogeneity

● contains a DDoS scenario

● much faster learning curve than NS tools (no tcl/tk)

What's the catch?

● Well, it turns out the DDoS scenario models a TCP SYN flooding denial of service attack.

● This DDoS attacks the TCP/IP stack of the target servers. It is not bandwidth limited! So congestion control is not the appropriate response.

● Quickly, we must model a bandwidth-limited DDoS attack....

Network Topology

Client Topology

Server Topology

DDoS Topology

But What Does It Do?

● 164 iterations, no DDoS enabled:

– mean 202.71 connections, std. dev. 13.79

● 68 iterations, DDoS enabled:

– mean 194.29 connections, std. dev. 15.47

● 59 iterations, DDoS enabled & local ACC:

– mean 196.98 connections, std. dev. 14.33

TODO LIST

● Improve the effectiveness of the DDoS attack

● Use identical random number seeds across all three trials. This will show the strict ordering:

DDoS < DDoS + local ACC ≤ no DDoS