Presenter: Min Suk Kang
Authors: Soo Bum Lee (Carnegie Mellon University), Min Suk
Kang (Carnegie Mellon University), Virgil D. Gligor (Carnegie Mellon
University)
Traditional DDoS attack target specific endpoints or
servers. However, in recent years we have seen several attacks geared towards
specific links, instead of a large number of hosts. Traditional flow filtering
schemes are susceptible to these attacks because attack flows (which are
typically low-rate, have diverse source/destination addresses, and are protocol
conforming) are often indistinguishable from benign flows.
The proposed scheme (called CoDef) relies on collaboration
among ASes. Attack source and target ASes are generally motivated to
collaborate to curb this attack. CoDef uses collaborative rerouting in which
target AS asks neighboring ASes to reroute traffic via other paths, essentially
dispersing attack and benign traffic. If the attacker is aware of this reroute
and it chooses to re-launch the attack by creating new flows, the attacker will
be identified.
After collaborative rerouting, CoDef uses collaborative
rate-control and path pinning (which were not discussed during the
presentation). The evaluation was conducted using topology data from CAIDA.
CoDef does not require changes to BGP or OSPF.
Q: Can CoDef identify attack source inside the attack AS?
A: No, CoDef would notify AS-owener/ISP.
Q: What is the cost of routing change employed by CoDef?
Someone can abuse the system by false collaborative rerouting advertisements,
how does CoDef cater for that?
A: We envision that CoDef will be a premium service. The
costs of the service would hinder false use.
