Controlling High Bandwidth Aggregates in the Network

Presentation transcript:

1 Controlling High Bandwidth Aggregates in the Network

2 Goals:
- Handle congestion
  - Limit DoS attacks
  - Allow flash crowds
- Identify traffic aggregates
  - Subset of flows responsible for congestion
- Integrate provider policy
  - Allow provider to configure drop mechanism

3 Related Work
- IP Traceback
  - Tries to find source of attack
- Ingress/Egress Filtering
  - ISP filters packets with fake source addresses
- Input debugging
  - Uses signatures to filter attack traffic
- Scheduling:
  - Fair Queuing
  - Deficit Round Robin

4 ACC Design
- Apply congestion control to aggregated traffic
- Two levels of control:
  - Local:
    - Identification
    - Control
  - Global:
    - Pushback*

5 Issues
- Collateral damage
  - Legitimate traffic may be inaccurately identified and restricted
- Routers may become synchronized and simultaneously detect congestion
  - Insert jitter into monitoring interval
- How to ensure fairness of flows
  - Separate identification and control
  - Use RED to manage queue drops

6 Application to DoS attacks: Finding Aggregates
- Match destination of each dropped IP packet with longest matching prefix in routing table
- Periodically find most frequent prefix
- See if destinations match longer prefix
  - E.g. maybe all dropped packets go to some specific host.
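
The aggregate search on slide 6, written out as an added example that is not part of the original slides. The routing table, the dropped-packet sample (documentation address ranges) and the `coverage` threshold are constructed assumptions; allowing a threshold below 1.0 generalizes the slide's "all dropped packets" case to "most dropped packets".

```python
import ipaddress
from collections import Counter

# Constructed sample data (documentation address ranges), not from the slides.
ROUTES = [ipaddress.ip_network(p) for p in
          ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "0.0.0.0/0")]
DROPS = (["203.0.113.77"] * 40 + ["203.0.113.78"] * 2 +
         ["192.0.2.10", "192.0.2.200", "198.51.100.5"] * 3)


def longest_match(addr, routes):
    """Longest-prefix match of one destination against the routing table."""
    hits = [r for r in routes if addr in r]
    return max(hits, key=lambda r: r.prefixlen) if hits else None


def narrow(prefix, addrs, coverage):
    """Descend one bit at a time into the half holding more drops, for as
    long as that half still holds at least `coverage` of the drops."""
    need = coverage * len(addrs)
    while prefix.prefixlen < prefix.max_prefixlen:
        halves = list(prefix.subnets(prefixlen_diff=1))
        counts = [sum(a in h for a in addrs) for h in halves]
        best = max(range(2), key=counts.__getitem__)
        if counts[best] < need:
            break
        prefix = halves[best]
    return prefix


def find_aggregate(drops, routes, coverage=0.9):
    """Return (routing prefix, narrowed prefix, share of all drops)."""
    addrs = [ipaddress.ip_address(d) for d in drops]
    by_route = Counter(longest_match(a, routes) for a in addrs)
    by_route.pop(None, None)          # destinations with no route at all
    if not by_route:
        return None
    top, _ = by_route.most_common(1)[0]   # most frequent routing prefix
    members = [a for a in addrs if longest_match(a, routes) == top]
    agg = narrow(top, members, coverage)  # try for a longer prefix
    share = sum(a in agg for a in addrs) / len(addrs)
    return top, agg, share


if __name__ == "__main__":
    print(find_aggregate(DROPS, ROUTES))
```

With `coverage=1.0` the search stops at the longest prefix that contains every drop in the cluster; lower values let it continue down to a single host when a few stray destinations share the routing prefix.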

7 Application to DoS attacks: Rate Limiting*
Let:
- $w_o$ be output bandwidth
- $w_i$ be total input bandwidth
- $w_b$ be bandwidth of aggregate
- desired drop rate be 20%
Two conditions:
- $w_i - w_b \le 1.2 \cdot w_o$
- $w_i - w_b > 1.2 \cdot w_o$