Sign In

Communications of the ACM

ACM TechNews

Ddos Defenses Emerging From Homeland Security

Anti-DDoS measures are already common for large companies.

Public, private, and academic researchers are working on new ways to combat distributed denial-of-service attacks.

Credit: Mike Pellinni/iStock

Public, private, and academic researchers are collaborating on new distributed denial-of-service (DDoS) defenses, a goal made all the more urgent by last month's DDoS attack on domain name system (DNS) provider Dyn.

Such efforts are overseen by Dan Massey, program manager for the U.S. Department of Homeland Security Advanced Research Projects Agency Cyber Security Division. Projects Massey is underwriting include a collaboration between the University of Delaware and others to identify new types of attacks, and the University of Houston's probe of on-demand network capacity to manage attacks.

"We need to think about creating multiple paths for getting DNS information between the creator and consumers of that information," says ThreatSTOP chief scientist Paul Mockapetris.

The anti-DDoS measure with the most longevity likely is the Internet Engineering Task Force's Best Current Practice #38, which prevents a network from sending packets with counterfeit IP addresses.

However, officials at the University of California, San Diego's Center for Applied Internet Data Analysis (CAIDA) say a protocol is lacking for Internet authorities to enforce such standards.

CAIDA runs the Spoofer Project to enable users to see if their network permits forged packets. The center estimates 75% of 435 million tested Internet Protocol addresses are currently unspoofable.

From TechRepublic
View Full Article


Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


No entries found