On the effect of router buffer sizes on low-rate denial of service attacks

2 Author(s)
Sarat, S. ; Johns Hopkins Univ., Laurel, MD, USA ; Terzis, A.

Router queues buffer packets during congestion epochs. A recent result by Appenzeller et al. showed that the size of FIFO queues can be reduced considerably without sacrificing utilization. While Appenzeller showed that link utilization is not affected, the impact of this reduction on other aspects of queue management, such as fairness, is unclear. Recently, a new class of low-rate DoS attacks called shrews was shown to throttle TCP connections by causing periodic packet drops. Unfortunately, smaller buffer sizes make shrew attacks more effective and harder to detect, since shrews need to overflow a smaller buffer to cause drops. In this paper, we investigate the relation between buffer size and the shrew sending rate required to cause damage. Using a simple mathematical model, we show that a relatively small increase in the buffer size over the value proposed by Appenzeller is sufficient to render the shrew attack ineffective. Intuitively, bigger buffers require the shrews to transmit at much higher rates to fill the router queue. However, by doing so, shrews are no longer low-rate attacks and can be detected by active queue management (AQM) techniques such as RED-PD. We verified our analysis through simulations showing that a moderate increase in the buffer size, coupled with an AQM mechanism, is adequate to achieve high link utilization while protecting TCP flows from shrew attacks.

Published in:

Computer Communications and Networks, 2005. ICCCN 2005. Proceedings. 14th International Conference on

Date of Conference:

17-19 Oct. 2005