CSAIL Event Calendar: Previous Series
How Puzzles Can Dilute A DoS Attack
A ``perfect'' denial of service attack may be indistinguishable from a massive influx of legitimate traffic. One attack scenario involves a relatively small pool of attacking machines generating a large amount of traffic to a server, while a very large pool of legitimate clients generates infrequent traffic. In this scenario, the server can dilute the processing load by charging its clients computation for each transaction via a puzzle mechanism such as that found in the Host Identity Protocol. The behavior of the legitimate client pool and the attacker pool scale differently in this scenario, allowing the server to precisely adjust its load by adjusting puzzle difficulty.