{"title":"Tradeoffs of DDoS solutions","authors":"Min Fan, Zhang Jun-yan, Li Wan-pei, Yang Guo-wei","doi":"10.1109/PDCAT.2003.1236287","DOIUrl":null,"url":null,"abstract":"Distributed denial of service (DDoS) has become a serious threat to the Internet. Many schemes against DDoS attacks have been proposed, including ingress/egress filtering, IP traceback, authentication, and so on. We focus on tradeoffs of DDoS solutions. Three tradeoffs are considered, the first one is space, complexity, efficiency and robustness tradeoffs of these packet marking schemes; the second one is marking probability of node sampling scheme, the third one is timeout period of server for three-hand-shaking. Two schemes are suggested, one is combining node append scheme with node sampling scheme, the other is setting SYN timeout dynamically. Proper tradeoffs can be made using these schemes.","PeriodicalId":145111,"journal":{"name":"Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies","volume":"271 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDCAT.2003.1236287","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Distributed denial of service (DDoS) has become a serious threat to the Internet. Many schemes against DDoS attacks have been proposed, including ingress/egress filtering, IP traceback, authentication, and so on. We focus on tradeoffs of DDoS solutions. Three tradeoffs are considered, the first one is space, complexity, efficiency and robustness tradeoffs of these packet marking schemes; the second one is marking probability of node sampling scheme, the third one is timeout period of server for three-hand-shaking. Two schemes are suggested, one is combining node append scheme with node sampling scheme, the other is setting SYN timeout dynamically. Proper tradeoffs can be made using these schemes.