Documentation


Denial Of Service (DoS) Attacks

    The connection between a client and the server requires a variety of resources: bandwidth, server memory buffers, server disk space, router memory buffers, firewall memory buffers, server system resources, firewall system resources, etc.  If any of these resources is no longer available, traffic between client and server will stop.  DoS attacks try to congest one or more of these resources with illegitimate packets, so that legitimate clients are unable to access the server.  There are two types of DoS attacks.  Node-based DoS attacks deplete the memory or processing resources of the servers.  Typically, node attacks are small packets that exploit known vulnerabilities.  They require minimal attacker resources.  Link-based DoS attacks target the links on the path between the client and the server.  These attacks are much more difficult to execute, since the number of packets needed to saturate the link bandwidth is quite large.

     For more information:          

  1. Miguel Abele's introduction to DoS attacks

  2. Dave Dittrich's DDoS website - Security Engineer's site with a great deal of links

  3. NetworkWorldFusion links for DOS - A somewhat old site that still contains great articles

  4. DoS Newsgroup Database - Newsgroup bulletins about DoS attacks

                  


Roaming

    We use resource management techniques to mitigate the effects of a DoS attack.  Our network contains a number of servers, each one capable of serving as the service server.  Only one of these servers is the active service server.  The active server changes its location either to proactively defend against undetectable attacks or in response to the detection of an attack.  Clients typically are only allowed to know 3-8 of the next destinations of the active server before they have to renegotiate the connection.  However, in the case of a DoS attack, if the active server is the server under attack, it will change to a different server in the network.  All current connections will be seamlessly moved to the new server.  The old server will still be under attack; however, clients will see no degradation of service.
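
    The limited client view described above can be sketched as follows; this is an added example, not code from this project, and the page does not say how the roaming schedule is actually derived.  It assumes a SHA-256 one-way hash chain, so a client holding the key for one epoch can compute the destinations up to that epoch but none after it.  The server names, class names and seed are constructed for illustration.

```python
import hashlib

POOL = ["srv-a", "srv-b", "srv-c", "srv-d", "srv-e"]  # constructed server names


def _h(key: bytes) -> bytes:
    return hashlib.sha256(key).digest()


def server_for(key: bytes) -> str:
    """Map an epoch key to one server in the pool."""
    return POOL[int.from_bytes(key[:8], "big") % len(POOL)]


class RoamingSchedule:
    """Service side. Assumed scheme: keys[i-1] = H(keys[i]); epoch i uses keys[i]."""

    def __init__(self, seed: bytes, epochs: int):
        chain = [seed]
        for _ in range(epochs - 1):
            chain.append(_h(chain[-1]))
        self.keys = chain[::-1]  # keys[0] is the most-hashed value

    def active(self, epoch: int) -> str:
        return server_for(self.keys[epoch])

    def grant(self, epoch: int, window: int):
        """Hand out the key that reveals `window` destinations starting at `epoch`."""
        if not 3 <= window <= 8:  # range stated in the text
            raise ValueError("window must be 3-8 destinations")
        last = min(epoch + window - 1, len(self.keys) - 1)
        return last, self.keys[last]


class Client:
    def __init__(self, last_epoch: int, key: bytes):
        self.last_epoch, self.key = last_epoch, key

    def destination(self, epoch: int) -> str:
        # Hashing forward walks back to earlier epochs; later ones need a new grant.
        if epoch > self.last_epoch:
            raise LookupError("window exhausted: renegotiate with the service")
        key = self.key
        for _ in range(self.last_epoch - epoch):
            key = _h(key)
        return server_for(key)
```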

  For more information:          

    [1] An Overview presentation of our roaming algorithm.

    [2] A Poster showing our roaming mechanism.