Implementing Pushback: Router-Based Defense Against DDoS Attacks
- Ioannidis, John; Bellovin, Steven Michael
- Computer Science
- Persistent URL:
- Network and Distributed System Security Symposium: NDSS '02 (Reston, Va.: Internet Society, 2002).
- Pushback is a mechanism for defending against distributed denial-of-service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, but because most such congestion is caused by malicious hosts not obeying traditional end-to-end congestion control, the problem must be handled by the routers. Functionality is added to each router to detect and preferentially drop packets that probably belong to an attack. Upstream routers are also notified to drop such packets (hence the term Pushback) in order that the router's resources be used to route legitimate traffic. In this paper we present an architecture for Pushback, its implementation under FreeBSD, and suggestions for how such a system can be implemented in core routers.
- Computer science
- Suggested Citation:
- John Ioannidis, Steven Michael Bellovin, 2002, Implementing Pushback: Router-Based Defense Against DDoS Attacks, Columbia University Academic Commons, https://doi.org/10.7916/D8R78MXV.