Fighting the DDoS Menace! http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html
Recent High Profile DDoS Attacks • Protx (Online payments processing firm) : October 31st • WeaKnees.com, RapidSatellite.com (e-commerce) October 6th • WorldPay (section of Royal Bank of Scotland) : October 4th • Authorize.net (US credit card processing firm) : September 23rd
Fighting the Good Fight • Aggregate-based congestion control (ACC) • identify a pattern of packets • apply a rate-limiter to the pattern(s) • Local ACC versus Global ACC • allow a router to request adjacent upstream routers to rate-limit traffic corresponding to a specific aggregate.
An Illustrated Example “Controlling High Bandwidth Aggregates in the Network” (Mahajan et al, 2001)
The Scalable Simulation Framework (http://www.ssfnet.org) • focus on scalability model scalability: # of nodes, traffic flows, bandwidth, system heterogeneity • contains a DDoS scenario • much faster learning curve than NS tools (no tcl/tk)
What's the catch? • Well, it turns out the DDoS scenario models a TCP SYN flooding denial of service attack. • This DDoS attacks the TCP/IP stack of the target servers. It is not bandwidth limited! So congestion control is not the appropriate response. • Quickly, we must model a bandwidth-limited DDoS attack....
But What Does It Do? • 164 iterations, no DDoS enabled: • mean 202.71 connections, std. dev. 13.79 • 68 iterations, DDoS enabled: • mean 194.29 connections, std. dev. 15.47 • 59 iterations, DDoS enabled & local ACC: • mean 196.98 connections, std. dev. 14.33
TODO LIST • Improve the effectiveness of the DDoS attack • Use identical random number seeds across all three trial. This will show strict ordering of, DDoS < DDoS + local ACC ≤ no DDoS