http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html - PowerPoint PPT Presentation

Slides: 14
Provided by: csVir

Transcript and Presenter's Notes

1
Fighting the DDoS Menace!
http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html
2
Recent High Profile DDoS Attacks
  • Protx (Online payments processing firm)
    • October 31st
  • WeaKnees.com, RapidSatellite.com (e-commerce)
    • October 6th
  • WorldPay (section of Royal Bank of Scotland)
    • October 4th
  • Authorize.net (US credit card processing firm)
    • September 23rd

3
Fighting the Good Fight
  • Aggregate-based congestion control (ACC)
    • identify a pattern of packets
    • apply a rate-limiter to the pattern(s)
  • Local ACC versus Global ACC
    • allow a router to request adjacent upstream
      routers to rate-limit traffic corresponding to a
      specific aggregate.
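
An added sketch of the two local ACC steps listed on this slide (not code from the presentation or from Mahajan et al.). It assumes the "pattern" is a destination /24 prefix carrying at least half of the observed bytes and that the rate-limiter is a token bucket; the addresses, threshold and rates are constructed for illustration.

```python
import ipaddress
from collections import Counter

def aggregate_key(dst, prefix_len=24):
    """Map a destination address to its covering prefix (the 'pattern')."""
    return str(ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False))

def identify_aggregates(packets, share=0.5, prefix_len=24):
    """Return prefixes that carry at least `share` of the observed bytes."""
    by_prefix = Counter()
    for dst, size in packets:
        by_prefix[aggregate_key(dst, prefix_len)] += size
    total = sum(by_prefix.values())
    return {p for p, b in by_prefix.items() if total and b / total >= share}

class TokenBucket:
    """Integer token bucket: time in ms, rate in bytes per ms."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0

    def allow(self, now_ms, size):
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if size > self.tokens:
            return False          # over the aggregate's limit: drop
        self.tokens -= size
        return True

class LocalACC:
    """Rate-limit only packets that match an identified aggregate."""
    def __init__(self, prefixes, rate, burst, prefix_len=24):
        self.prefix_len = prefix_len
        self.buckets = {p: TokenBucket(rate, burst) for p in prefixes}

    def forward(self, now_ms, dst, size):
        bucket = self.buckets.get(aggregate_key(dst, self.prefix_len))
        return True if bucket is None else bucket.allow(now_ms, size)

def run_demo():
    # Constructed sample: (destination, bytes) seen at a congested link.
    seen = [("203.0.113.10", 1000)] * 80 + [("198.51.100.7", 1000)] * 15 \
         + [("192.0.2.5", 1000)] * 5
    limited = identify_aggregates(seen)
    acc = LocalACC(limited, rate=10, burst=2000)   # 10 B/ms = 80 kbit/s
    # One second of traffic: a 1000 B packet to each destination every 10 ms.
    flood = sum(acc.forward(t, "203.0.113.10", 1000) for t in range(0, 1000, 10))
    other = sum(acc.forward(t, "198.51.100.7", 1000) for t in range(0, 1000, 10))
    return limited, flood, other

if __name__ == "__main__":
    print(run_demo())
```

Traffic outside the identified aggregate is never touched by the limiter, which is the property that separates ACC from a blanket rate limit on the congested link.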

4
An Illustrated Example
Controlling High Bandwidth Aggregates in the Network (Mahajan et al., 2001)
5
ACC Works???
6
The Scalable Simulation Framework (http://www.ssfnet.org)
  • focus on scalability
  • model scalability of nodes, traffic flows,
    bandwidth, system heterogeneity
  • contains a DDoS scenario
  • much faster learning curve than NS tools (no
    tcl/tk)

7
What's the catch?
  • Well, it turns out the DDoS scenario models a TCP
    SYN flooding denial of service attack.
  • This DDoS attacks the TCP/IP stack of the target
    servers. It is not bandwidth limited! So
    congestion control is not the appropriate
    response.
  • Quickly, we must model a bandwidth-limited DDoS
    attack....

8
Network Topology
9
Client Topology
10
Server Topology
11
DDoS Topology
12
But What Does It Do?
  • 164 iterations, no DDoS enabled
    • mean 202.71 connections, std. dev. 13.79
  • 68 iterations, DDoS enabled
    • mean 194.29 connections, std. dev. 15.47
  • 59 iterations, DDoS enabled with local ACC
    • mean 196.98 connections, std. dev. 14.33

13
TODO LIST
  • Improve the effectiveness of the DDoS attack
  • Use identical random number seeds across all
    three trials. This will show the strict ordering:
    • DDoS < DDoS with local ACC < no DDoS