Moti Geva , Bar-Ilan University, Ramat-Gan
Amir Herzberg , Bar Ilan, Ramat Gan
Yehoshua Gev , Bar-Ilan University, Ramat-Gan
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2013.55
Distributed denial of service (DDoS) attacks pose a serious threat to the Internet. We discuss the Internet&#x2019;s vulnerability to Bandwidth Distributed Denial of Service (BW-DDoS) attacks, where many hosts send a huge number of packets exceeding network capacity and causing congestion and losses, thereby disrupting legitimate traffic. TCP and other protocols employ congestion control mechanisms that respond to losses and delays by reducing network usage, hence, their performance may be degraded sharply due to such attacks. Attackers may disrupt connectivity to servers, networks, autonomous systems, or whole countries or regions. In this paper we survey BW-DDoS attacks and defenses. We argue that so far, BW-DDoS employed relatively crude, inefficient, &#x2018;brute force&#x2019; mechanisms; future attacks may be significantly more effective, and hence much more harmful. We discuss currently deployed and proposed defenses. We argue that to meet the increasing threats, more advanced defenses should be deployed.
Moti Geva, Amir Herzberg, Yehoshua Gev, "Bandwidth Distributed Denial of Service: Attacks and Defenses", IEEE Security & Privacy, , no. 1, pp. 1, PrePrints PrePrints, doi:10.1109/MSP.2013.55