Denial of service protection the nozzle
New Orleans, Louisiana December 11-December 15
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898855
16th Annual Computer Security Applica ...
E. Strother, North Carolina State Univ., Raleigh, NC, USA
A denial of service attack is a dominating conversation with a network resource designed to preclude other conversations with that resource. This type of attack can cost millions of dollars when the target is a critical resource such as a Web server or domain name server. Traditional methods, such as firewalls and intrusion detection systems, have failed to provide adequate protection from this type of attack. This paper presents a new protection method called a nozzle. The nozzle is based upon favorable aspects of firewalls and network pumps. It is deployed similarly to a firewall, so that all conversations from an untrusted user to a critical resource are monitored. The main advantage of the nozzle is the ability to provide a threshold for trusted traffic, thus precluding new attacks. A nozzle consists of a series of rings, each of which has a trusted and an untrusted buffer, rules for packet placement, and rules for communication with the next level. Rings are placed in the protocol stack so they can protect particular protocols.
Index Terms:
authorisation; computer networks; telecommunication security; protocols; denial of service protection; nozzle; network resource; cost; Web server; domain name server; firewalls; intrusion detection; network pumps; untrusted user; trusted traffic; packet placement; protocol
Citation:
E. Strother, "Denial of service protection the nozzle," acsac, pp.32, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000