DDoS RIP Flashcards
Coremelt attack
Congest the network by sending legitimate traffic between bots.
Crossfire attack
Flood a specific link to disconnect the target from the rest of the Internet.
SCION Hidden path
A path that is not announced to the core AS; instead, it is announced only to selected entities.
SCMP Authentication: Host H in AS A sends to AS C
1. First-level Key Exchange: AS C uses $SV_C$ to generate the first-level key $K_{C \to A} = \mathrm{PRF}_{SV_C}(\text{“A”})$. AS C securely sends $K_{C \to A}$ to AS A.
2. Second-level Key Exchange: AS A generates a second-level key for H that can be used for source authentication by AS C, i.e., $K^{SCMP}_{C \to A:H} = \mathrm{PRF}_{K_{C \to A}}(\text{“H|SCMP”})$, and gives it to host H.
3. Host H authenticates its ICMP message using $K^{SCMP}_{C \to A:H}$.
4. AS C dynamically recreates $K^{SCMP}_{C \to A:H}$ by retrieving the first-level key that it generated in Step 1 and computing the second-level key that AS A computed.
5. Finally it verifies the authenticity of the message.
How does communication flow with DRKey $K_{x \to y}$?
In the opposite direction to key derivation. The burden lies on the sender of the message; the receiver can just derive the key to verify.
Colibri
Colibri allows hosts to reserve end-to-end paths between each other with guaranteed bandwidth. This solves the DDoS problem, as the legitimate path is guaranteed at least some bandwidth. To reserve a path, each segment first needs to be reserved by the source AS; these reserved segments are then used to exchange the packets that set up the whole end-to-end path reservation.
Admission control algorithm of Colibri prevents:
- A single AS congesting a link by requesting multiple different paths that traverse it.
- A group of ASes, controlled by the same attacker, reserving too many paths going through the same link.
EPIC
Every packet is checked:
- duplicate suppression with a Bloom filter
- per-packet source authentication with DRKeys
- per-packet variable hop fields that include the packet creation time -> prevents brute-forcing of the hop-field MAC