A Rate-Limiting System to Mitigate Denial of Service Attacks

Helsinki University of Technology | Master's thesis

Date

2003

Major/Subject

Networking Technology

Mcode

S-38

Language

en

Pages

xiii + 97

Abstract

This document describes the implementation and testing of an automatic defense system that uses rate-limiting to mitigate Denial of Service attacks. Denial of Service attacks, and particularly distributed ones, are among the latest and most problematic trends in network security threats. Currently, a few effective defense methods exist against them. This document proposes to combine attack detection (via Intrusion Detection Systems) with Quality of Service mechanisms in order to rate-limit these attacks. As an automatic reaction, rate-limiting has an advantage over blocking: it preserves the legitimate traffic that is misidentified as belonging to an attack. This document describes in detail an already specified Rate-Limiting System. The system sorts traffic into legitimate and attack aggregates using an attack detection module. Based on this classification, routers direct the traffic aggregates into different queues. Attack queues are managed by a new Active Queue Management mechanism that enforces rate-limiting by randomly discarding packets. This thesis mainly presents an implementation of the Rate-Limiting System in a Linux environment and its testing. The tests showed that HTTP and FTP downloads tolerate one-way packet loss well, which demonstrates the suitability of rate-limiting for defending a website against low-bandwidth Denial of Service attacks such as typical TCP SYN or ICMP Echo Request flooding attacks.

Supervisor

Jormakka, Jorma

Thesis advisor

Mölsä, Jarmo

Keywords

Denial of Service, Intrusion Detection Systems, Quality of Service, rate-limiting, Rate-Limiting System, RLS-AQM
