A scalable NAT‐based solution to Internet access denial by higher‐tier ISPs

Abstract: The Internet is an interconnection of autonomous systems (ASes) that are mostly controlled by Internet service providers (ISPs). ASes use Border Gateway Protocol (BGP) to communicate routing information in the form of reachability paths. However, BGP does not guarantee that the advertised reachability paths will be exactly followed. As a result, traffic belonging to a specific network can be intentionally dropped as it is routed by BGP through a malicious ISP; a behavior we define as Internet access denial. Th… Show more

“…As noted by Abu‐Amara et al . , the malicious ISP size, location, and connectivity have a direct impact on the extent of the Internet access denial. More specifically, an Internet access denial can be caused by a lower‐tier ISP only if it is present in the traffic's path.…”

“…The proposed NAT‐based solution is readily deployable for traffic originating from the network of the denied region and makes the solution very suitable for such traffic. However, because of the server reachability problem associated with NAT routers , the solution is not suitable when the traffic is originated outside the denied region's network and is destined to the denied region. Although Abu‐Amara et al .…”

“…Although Abu‐Amara et al . proposed a solution to the server reachability problem by using a web switch inside the denied region's network, such a solution is not readily deployable as the web switch is a new network component that needs further development. Moreover, the proposed web switch approach may not necessarily be extended to all network applications.…”

“…Moreover, Abu‐Amara et al . proposed a scalable identity concealing solution to the denial of the Internet access problem that is based on the concept of network address translation (NAT) . Furthermore, Abu‐Amara et al .…”

“…Furthermore, Abu‐Amara et al . supplied an evaluation of the NAT‐based solution's effect on the network performance. They concluded that introducing NAT as a solution has insignificant degradation on the network performance.…”

A combined solution for the Internet access denial caused by malicious Internet service providers

“…As noted by Abu‐Amara et al . , the malicious ISP size, location, and connectivity have a direct impact on the extent of the Internet access denial. More specifically, an Internet access denial can be caused by a lower‐tier ISP only if it is present in the traffic's path.…”

“…The proposed NAT‐based solution is readily deployable for traffic originating from the network of the denied region and makes the solution very suitable for such traffic. However, because of the server reachability problem associated with NAT routers , the solution is not suitable when the traffic is originated outside the denied region's network and is destined to the denied region. Although Abu‐Amara et al .…”

“…Although Abu‐Amara et al . proposed a solution to the server reachability problem by using a web switch inside the denied region's network, such a solution is not readily deployable as the web switch is a new network component that needs further development. Moreover, the proposed web switch approach may not necessarily be extended to all network applications.…”

“…Moreover, Abu‐Amara et al . proposed a scalable identity concealing solution to the denial of the Internet access problem that is based on the concept of network address translation (NAT) . Furthermore, Abu‐Amara et al .…”

“…Furthermore, Abu‐Amara et al . supplied an evaluation of the NAT‐based solution's effect on the network performance. They concluded that introducing NAT as a solution has insignificant degradation on the network performance.…”

A combined solution for the Internet access denial caused by malicious Internet service providers