Todd Booth scite author profile

This article is concerning distributed reflection denial of service (DRDoS) attacks. These DRDoSattacks are more frequent and large scale, and are one of the biggest threats on the Internet. This paperdiscusses the best way to defend from these attacks using public cloud defenses, such as AmazonAWS, Google GCP, and Microsoft Azure, at a very low cost. Our mitigation strategy takes advantageof the fact that the attacker does not have full control to change the source IP port to anything theywant, when used in these reflective attacks. We propose to have the customer host their Web serversand other types of supporting servers in the public cloud. The cloud provider then reserves a /CIDRblock of IP addresses, which will be protected. The cloud providers customers who opt in, will beallocated an IP address from this block. This block will be used as the source IP address deny portionof the firewall rule-sets. Then the public cloud providers will use BGP4 Flow-Spec or some scriptingsolution, to have their IP service provider neighbors perform the actual filtering of the DRDoS attacktraffic concerning attacks against these servers.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Todd Booth

Reputation Based Security Model for Android Applications

WallDroid: Cloud Assisted Virtualized Application Specific Firewalls for the Android OS

Elimination of DoS UDP Reflection Amplification Bandwidth Attacks, Protecting TCP Services

Network DDoS Layer 3/4/7 Mitigation via Dynamic Web Redirection

Mitigating DRDoS Network Attacks via Consolidated Deny Filter Rules

Contact Info

Product

Resources

About