Friday, 10 February 2012
 Home arrow Blog arrow Researchers devise way to deny denial-of-service attacks
   
Main Menu
Home
News
Blog
Links
Search
FAQs
Spider
Articles
@intrenet
Free Softwares
Break for fun
Friends VIdeos
Techno videos
Contact Us
Disclaimer
Guest Book
Speed test
V.E.C. Calculator
IPv4 Subnet Calc
IPv6 Subnet Calc
Byte Converter
Converter
GMT/UTC Time
Bandwidth Calc
Allinone Calc
IANA Port Numbers
Country Call Codes
Pk Postal Codes
Surf Anonumously
Visitors Counter
mod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_counter
mod_vvisit_counterToday71
mod_vvisit_counterYesterday381
mod_vvisit_counterThis week1714
mod_vvisit_counterThis month3348
mod_vvisit_counterAll97436
 
 
 
 

Researchers devise way to deny denial-of-service attacks PDF Print E-mail
User Rating: / 0
PoorBest 
Written by Amanatullah khalil   
Friday, 02 October 2009

Researchers devise way to deny denial-of-service attacks

Researchers say they have devised a way to filter out denial-of-service (DoS) attacks on computer networks, including cloud computing systems, improving security on government, commercial, and educational systems.

Methods do exist for configuring a network to filter out known DoS and distributed denial-of-service (DDoS) attack software and to recognize some of the traffic patterns associated with a mounting DoS attack.

But current filters usually rely on the computer being attacked to check the legitimacy of incoming information requests, consuming resources and, in the case of a massive DDoS, compounding the problem.

Computer engineers John Wu, Tong Liu, Andy Huang and David Irwin of Auburn University have developed a filter to protect systems against DoS attacks that they say circumvents this problem.

How? With the use of a new passive protocol that must be in place at each end of the connection, user and resource.

Their protocol, called "Identity-Based Privacy-Protected Access Control Filter", or IPACF, is said to block threats to the gatekeeping Authentication Servers, allowing legitimate users with valid passwords to access private resources.

Here's how it works:

The user's computer has to present a filter value for the server to do a quick check. The filter value is a one-time secret that needs to be presented with the pseudo ID. The pseudo ID is also one-time use. Attackers cannot forge either of these values correctly and so attack packets are filtered out.

There is a drawback. The added layer of information transfer required for checking user requests could take up more resources needed by the server.

The researchers say they have tested how well the protocol manages a massive DDoS attack, simulating one on a network consisting of 1000 nodes with 10 Gbps bandwidth. The result? Little server degradation, negligible latency and minimal extra processor usage even when the 10 Gbps pipe to the authentication server is filled with DoS packets.

The protocol takes 6 nanoseconds to reject a non-legitimate information packet associated with the DoS attack, the researchers said. Their results will be published in a forthcoming issue of international journal Information and Computer Security.

The protocol was first introduced at a conference in 2007.

This article was published as a blog post on ZDNet.

 
 
< Prev   Next >
[ Back ]
 
 
 
csatpk Newsflash
Paper-thin batteries made from algae
Thursday, 26 November 2009
  Click for details...

Buffalo ships first USB 3.0 hard drive
Thursday, 26 November 2009
  Click for details...

Cisco's amazing $3B buy of videoconf. vendor Tandberg
Friday, 02 October 2009
  Click for details...

Large online payroll service hacked
Friday, 02 October 2009
  Click for details...

--= NFSP =--

Virtualization: Tips for avoiding server overload
Friday, 02 October 2009
  Click for details...

Statistics
OS: Linux h
PHP: 5.2.17
MySQL: 5.1.60-community-log
Time: 15:28
Caching: Disabled
GZIP: Disabled
Members: 3
News: 368
Web Links: 5
Visitors: 226764
Popular