
NetFence: Preventing internet denial of service from inside out

Publication, Journal Article
Liu, X; Yang, X; Xia, Y
Published in: SIGCOMM'10 - Proceedings of the SIGCOMM 2010 Conference
November 15, 2010

Denial of Service (DoS) attacks frequently happen on the Internet, paralyzing Internet services and causing millions of dollars of financial loss. This work presents NetFence, a scalable DoS-resistant network architecture. NetFence uses a novel mechanism, secure congestion policing feedback, to enable robust congestion policing inside the network. Bottleneck routers update the feedback in packet headers to signal congestion, and access routers use it to police senders' traffic. Targeted DoS victims can use the secure congestion policing feedback as capability tokens to suppress unwanted traffic. When compromised senders and receivers organize into pairs to congest a network link, NetFence provably guarantees a legitimate sender its fair share of network resources without keeping per-host state at the congested link. We use a Linux implementation, ns-2 simulations, and theoretical analysis to show that NetFence is an effective and scalable DoS solution: it reduces the amount of state maintained by a congested router from per-host to at most per-(Autonomous System). © 2010 ACM.


Published In

SIGCOMM'10 - Proceedings of the SIGCOMM 2010 Conference

DOI

Publication Date

November 15, 2010

Start / End Page

255 / 266

Related Subject Headings

  • Networking & Telecommunications
  • 4606 Distributed computing and systems software
  • 4006 Communications engineering
  • 1005 Communications Technologies
  • 0805 Distributed Computing
  • 0803 Computer Software
 

Citation

APA: Liu, X., Yang, X., & Xia, Y. (2010). NetFence: Preventing internet denial of service from inside out. SIGCOMM’10 - Proceedings of the SIGCOMM 2010 Conference, 255–266. https://doi.org/10.1145/1851182.1851214

Chicago: Liu, X., X. Yang, and Y. Xia. “NetFence: Preventing internet denial of service from inside out.” SIGCOMM’10 - Proceedings of the SIGCOMM 2010 Conference, November 15, 2010, 255–66. https://doi.org/10.1145/1851182.1851214.

ICMJE: Liu X, Yang X, Xia Y. NetFence: Preventing internet denial of service from inside out. SIGCOMM’10 - Proceedings of the SIGCOMM 2010 Conference. 2010 Nov 15;255–66.

MLA: Liu, X., et al. “NetFence: Preventing internet denial of service from inside out.” SIGCOMM’10 - Proceedings of the SIGCOMM 2010 Conference, Nov. 2010, pp. 255–66. Scopus, doi:10.1145/1851182.1851214.

NLM: Liu X, Yang X, Xia Y. NetFence: Preventing internet denial of service from inside out. SIGCOMM’10 - Proceedings of the SIGCOMM 2010 Conference. 2010 Nov 15;255–266.
