A DoS-limiting Network Architecture
~Offense~
Alberto Gonzalez, Keven Tan

Big Change
➲ They propose the start of a new architecture
  ● Every router will need to be modified to implement the capabilities
  ● Destinations will need to implement the capabilities
➲ What happens if some companies don't implement this new architecture? Will some users be completely cut off from parts of the Internet?

Design
➲ Slows down attack traffic, but good traffic could possibly be flagged if mistaken for an attack
  ● If no capability is available (even if by router or destination fault) the packets are treated as latency packets
➲ Speed of connection limited by fine-grained capabilities

Design (cont)
➲ Encryption Overhead (more on this later)
➲ Everyone gets a share of the bandwidth
  ● Even if it's a small share, small shares add up

Simulation
➲ Attackers
  ● What about a Botnet attack?
  ● ~100,000 vs 100
➲ Realistic?
  ● Every attacker was similar (packet size, etc.)

Simulations: Floods
➲ Authorized Packet Floods
  ● “[users] get a lesser share of the bandwidth, but no user will be starved”
  ● What about more users? Problems with low bandwidth with 10 users

Simulation (Cont)
Per Million Packets: 0.46s, 0.033s, 1.486s, 0.439s, 1.821s
➲ Servers can get 1+ million packets per second
➲ Hash Functions Decrease Performance