Steve Bellovin, AT&T Labs
Link-flooding, as perpetrated by distributed denial of service
attacks, is a serious threat to the Internet. We propose a pushback
mechanism to defeat such attacks: routers experiencing sustained,
massive congestion ask the upstream routers to drop the packets
instead, thus freeing bandwidth for other traffic. This algorithm is
applied recursively, pushing back to either an uncongested link or
even the sources of the problem. Simulation results show that this
scheme is indeed effective.
About the Presenter
Steven Bellovin, the co-author of Firewalls and Internet Security:
Repelling the Wily Hacker, does research at AT&T Labs on
networks, security, and especially why the two don't get along.
PostScript presentation
PDF presentation
