Skip to Main Content
Over the last decade, several value-added services have been proposed for deployment in the Internet. IP multicast is an example of such a service. IP multicast is a stateful service in that it requires routers to maintain state for forwarding multicast data toward receivers. This characteristic makes the service and its users vulnerable to denial-of-service (DoS) attacks. One type of attack aims to saturate the available buffer space for storing state information at the routers. A successful attack can prevent end systems from properly joining multicast groups. In this paper, we present a solution to state overload attacks; evaluate the overhead of the solution through a combination of simulation and implementation; and outline an incremental deployment strategy for its partial deployment. The evaluation results indicate that our solution improves the resistance of IP multicast to state overload attacks.