DoS: Fighting Fire with Fire

Michael Walfish, Hari Balakrishnan, David Karger, Scott Shenker
4th ACM Workshop on Hot Topics in Networks (HotNets), College Park, MD, November 2005

We consider DoS attacks on servers in which attackers' requests are indistinguishable from legitimate requests. Most current defenses against this class of attack rely on legitimate users in aggregate having more of some resource (CPU cycles, memory cycles, human attention, etc.) than attackers. A server so defended asks prospective clients to prove their legitimacy by spending some of this resource. We adopt this general approach but use bandwidth as the constrained resource. Specifically, we argue that when a server is attacked, it should: (1) prevent overloading by limiting the incoming rate of requests (and dropping all others) and (2) encourage its legitimate clients to fight back with aggressive retransmission. This approach forces all clients to spend bandwidth to receive service, and the legitimate clients, with their greater aggregate bandwidth, will receive the bulk of the service.
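The simulation below is an added illustration, not code from the paper or its authors. It models the two steps in the abstract: a server that admits a fixed number of requests per second at random and drops the rest, and legitimate clients that either give up on dropped requests or resend them up to their bandwidth. The function name, the backlog model and all parameter values are constructed assumptions.

```python
import random

def good_share(capacity, n_good, demand, bandwidth, n_bad, bad_bw,
               retransmit, seconds=300, seed=1):
    """Fraction of served requests that went to legitimate clients.

    Each second the server admits at most `capacity` arrivals, chosen
    uniformly at random, and drops all others (step 1 in the abstract).
    Attackers always send at their full bandwidth `bad_bw`.
    """
    rng = random.Random(seed)
    backlog = [0] * n_good            # unserved requests per legitimate client
    served_good = served_total = 0
    for _ in range(seconds):
        arrivals = [-1] * (n_bad * bad_bw)    # -1 marks an attacker request
        for c in range(n_good):
            backlog[c] += demand              # new work generated this second
            # Step 2: resend everything outstanding, capped by client bandwidth.
            send = min(backlog[c], bandwidth) if retransmit else demand
            arrivals += [c] * send
        for c in rng.sample(arrivals, min(capacity, len(arrivals))):
            served_total += 1
            if c >= 0:
                served_good += 1
                backlog[c] -= 1
        if not retransmit:
            backlog = [0] * n_good    # dropped requests are abandoned
    return served_good / served_total

# Constructed scenario: legitimate clients have more aggregate bandwidth
# (50 * 20 = 1000 req/s) than attackers (10 * 40 = 400 req/s), but their
# natural demand (50 * 2 = 100 req/s) is far below what attackers send.
SCENARIO = dict(capacity=100, n_good=50, demand=2, bandwidth=20,
                n_bad=10, bad_bw=40)

if __name__ == "__main__":
    for mode in (False, True):
        share = good_share(**SCENARIO, retransmit=mode)
        print(f"retransmit={mode}: legitimate share of service = {share:.2f}")
```

Without retransmission the legitimate share tracks the clients' natural request rate (about 100 of 500 arrivals); with it, the share approaches their fraction of total bandwidth (about 1000 of 1400).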

[PDF (185KB)] [PostScript (348KB)] [Gzipped PostScript (113KB)]

Bibtex Entry:

@inproceedings{walfish2005dos,
   author =       "Michael Walfish and Hari Balakrishnan and David Karger and Scott Shenker",
   title =        "{DoS: Fighting Fire with Fire}",
   booktitle =    {4th ACM Workshop on Hot Topics in Networks (HotNets)},
   year =         {2005},
   month =        {November},
   address =      {College Park, MD}
}