dc.contributor.advisor | Karen Sollins | |
dc.contributor.author | Hansen, Richard E. | |
dc.contributor.other | Advanced Network Architecture | |
dc.date.accessioned | 2007-06-22T12:41:46Z | |
dc.date.available | 2007-06-22T12:41:46Z | |
dc.date.issued | 2007-06-21 | |
dc.identifier.other | MIT-CSAIL-TR-2007-035 | |
dc.identifier.uri | http://hdl.handle.net/1721.1/37601 | |
dc.description | MEng thesis | |
dc.description.abstract | Distributed denial-of-service (DDoS) attacks can easily cripple victim hosts or networks, yet effective defenses remain elusive. Normal anycast can be used to force the diffusion of attack traffic over a group of several hosts to increase the difficulty of saturating resources at or near any one of the hosts. However, because a packet sent to the anycast group may be delivered to any member, anycast does not support protocols that require a group member to maintain state (such as TCP). This makes anycast impractical for most applications of interest.This document describes the design of Stateful Anycast, a conceptual anycast-like network service based on IP anycast. Stateful Anycast is designed to support stateful sessions without losing anycasts ability to defend against DDoS attacks. Stateful Anycast employs a set of anycasted proxies to direct packets to the proper stateholder. These proxies provide DDoS protection by dropping a sessions packets upon group member request. Stateful Anycast is incrementally deployable and can scale to support many groups. | |
dc.format.extent | 103 p. | |
dc.relation.ispartofseries | Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory | |
dc.title | Stateful Anycast for DDoS Mitigation | |