Taking aim at denial-of-service attacks

Steve Schear schear at attbi.com
Fri May 16 19:22:52 EDT 2003 

May 13, 2003, 6:01 AM PT

BERKELEY, Calif.--Graduate students from Carnegie Mellon University on 
Monday proposed two methods aimed at greatly reducing the effects of 
Internet attacks.

In two papers presented at the IEEE Symposium on Security and Privacy here, 
the graduate students suggested simple modifications to network software 
that could defeat denial-of-service attacks and that could be implemented 
in the current protocol used by the Internet. The symposium, sponsored by 
the Institute of Electrical and Electronics Engineers, began Sunday and 
lasts through Wednesday.

......

The puzzle method
The second presentation, also by a graduate student at Carnegie Mellon, 
proposes that servers use "puzzles"--problems that take a certain amount of 
processing time to solve--as a means of taxing any computer that tries to 
communicate with the server. Such a technique, which has also been 
suggested as a way to defeat spammers who send unsolicited mass e-mail, 
would help defend against denial-of-service attacks that attempt to tie up 
a victim server's memory with hundreds or thousands of connections.

The plan from XiaoFeng Wang asserts that such small tasks would hardly be 
noticed by legitimate users, while attackers would have to expend far more 
effort to do any damage. While others have suggested similar methods, Wang 
added to his proposal an auction-like transaction to further allow 
legitimate traffic to win out over attacks.

"Our mechanism enables each client to 'bid' for resources by tuning the 
difficulty of the puzzles it solves and to adapt its bidding strategy in 
response to apparent attacks," Wang stated in the paper that outlined his 
findings.

Bellovin also liked this idea but again said that certain issues need to be 
resolved.

"It will work up to a point," he said. "The problem is that spammers and 
denial-of-service attacks are not using their own machines. If they need 16 
times as many computers, they can--most likely--easily get that many more."

http://news.com.com/2100-1009_3-1001200.html


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list