DDoS attacks generate flooding traffic from multiple sources towards selected nodes and obstruct the flow of legitimate information within a network. If the victim node is a server at the ISP level that requires fast information processing, the entire network operation stops. We use several lines of honeypot-based defense against such attacks. The first line of defense detects the presence of attacks. The second line of defense identifies and tags attack flows in real time. The work in this paper concentrates on the third line of defense, where a model for honeypot-based routing is proposed in response to identified attack flows. We propose the automatic generation of adequate server nodes to service client requests and of honeypots to interact with attackers in a contained manner. The judicious mixture of servers and honeypots at different time intervals provides stable network functionality at the ISP level. We validate the effectiveness of the approach with modeling on an Internet-type topology and simulation in ns-2 on a Linux platform.