M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger and S. Shenker
Presented by Kong Lam
Material adapted from authors’ slides

The modern DDoS attacker
◦ Tries to make its traffic look legitimate
The modern DDoS defender
◦ Detect, then deny
The post-modern DDoS defender (authors)
◦ No attempt at reliable differentiation:

When a server is under attack, encourage all clients to send more traffic to the server.
Isn’t it smarter to do differentiation?

Bots send requests that look legitimate
◦ Overloads resources like CPU, disk (not link)
Key challenge:
◦ Can’t tell whether a request was issued with ill intent

Server overloaded; drops randomly
Attackers get the bulk of the server
This server allocation is greed-proportional
◦ Must change the allocation, without differentiating good and bad

Give out units of service based on client b/w
Why better than greed-proportional?
◦ Because good clients have more spare capacity
◦ Good clients “speak up”

Only under server overload:
◦ Front-end admits requests periodically
◦ Which request to admit? “Highest” sender
◦ Others keep sending and eventually win
◦ (Allocation prop. to b/w: proved in paper.)
What if other DDoS defense mechanisms throttle clients’ traffic?

Needs no client change
JavaScript:
◦ Client constructs 1MByte string
◦ POSTs string in form
Proxy: ends POST after client wins

50 clients; all have 2 Mbits/s bandwidth
Vary number of good and bad
Good clients: 2 reqs/s; bad clients: 40 reqs/s
Server capacity: 100 reqs/s

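The allocation argument above, worked through with the experiment's parameters as a small simulation. This is an added example, not code from the paper or the slides; the per-client payment counter, the fixed time step, the unbounded client backlog and the function names are modelling assumptions.

```python
"""Toy model: random drop vs. the front end's bandwidth auction (constructed)."""

def greed_proportional_share(n_good, n_bad, good_rate=2, bad_rate=40):
    """Random drop under overload: every arriving request is equally likely
    to be served, so good clients' share equals their share of requests."""
    good, bad = n_good * good_rate, n_bad * bad_rate
    return good / (good + bad)

def auction_share(n_good, n_bad, good_rate=2, bad_rate=40,
                  capacity=100, bw_bytes=2_000_000 / 8, seconds=20):
    """Admit one request every 1/capacity seconds to the client that has
    sent the most payment bytes since its last win. Returns the fraction
    of served requests that went to good clients."""
    rates = [good_rate] * n_good + [bad_rate] * n_bad
    n, dt = len(rates), 1.0 / capacity
    backlog = [0.0] * n   # requests waiting at each client (assumed unbounded)
    paid = [0.0] * n      # payment bytes sent since the last win
    served = [0] * n
    for _ in range(int(seconds * capacity)):
        for i in range(n):
            backlog[i] += rates[i] * dt
            if backlog[i] >= 1:            # pay only while a request waits
                paid[i] += bw_bytes * dt   # all clients have equal bandwidth
        bidders = [i for i in range(n) if backlog[i] >= 1]
        if not bidders:
            continue
        winner = max(bidders, key=lambda i: paid[i])  # the "highest" sender
        served[winner] += 1
        backlog[winner] -= 1
        paid[winner] = 0.0                 # proxy ends the POST; start over
    return sum(served[:n_good]) / max(1, sum(served))

if __name__ == "__main__":
    print("good bad  random-drop  auction")
    for n_good in (10, 25, 40):
        n_bad = 50 - n_good
        print(f"{n_good:4d} {n_bad:3d}  "
              f"{greed_proportional_share(n_good, n_bad):11.3f}  "
              f"{auction_share(n_good, n_bad):7.3f}")
```

With equal bandwidth per client, the auction column tracks the fraction of clients that are good, while the random-drop column tracks the fraction of requests that are good.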
Should we allow such use of network b/w?
Other currency schemes are good
◦ Why consume public resource?