16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana
Denial of Service Protection - The Nozzle
Elizabeth Strother
North Carolina State University
USA
A denial of service attack is a dominating conversation with a network resource
designed to preclude other conversations with that resource.
This type of attack can cost millions of dollars when the target is a critical
resource such as a web server or domain name server.
Traditional methods, such as firewalls and intrusion detection systems, have
failed to provide adequate protection from this type of attack. This paper
presents a new protection method called a nozzle.
The nozzle is based upon favorable aspects of firewalls and network pumps.
It is deployed similarly to a firewall, so that all conversations from an
untrusted user to a critical resource are monitored. The main advantage of the
nozzle is the ability to provide a threshold for trusted traffic, thus precluding
new attacks. A nozzle consists of a series of rings, each of which has a trusted
and an untrusted buffer, rules for packet placement, and rules for communication
with the next level. Rings are placed in the protocol stack so they can protect
particular protocols.
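The following simulation is an added illustration of the ring concept described in this abstract; it is not code from the paper. It models one ring as two bounded buffers with a placement rule and a forwarding rule that reserves part of the per-tick budget for trusted packets, and compares it against a single shared FIFO; the `trusted_share` threshold, buffer sizes, and the flood scenario are assumptions made here.

```python
from collections import deque

class SharedFifo:
    """Baseline (constructed): one bounded FIFO shared by all senders."""
    def __init__(self, size, capacity):
        self.buf, self.size, self.capacity, self.dropped = deque(), size, capacity, 0
    def place(self, pkt):
        if len(self.buf) >= self.size:
            self.dropped += 1          # flood fills the queue; later packets are lost
        else:
            self.buf.append(pkt)
    def drain(self):
        return [self.buf.popleft() for _ in range(min(self.capacity, len(self.buf)))]

class NozzleRing:
    """One ring, modelled from the abstract: a trusted and an untrusted buffer,
    a placement rule, and a forwarding rule that reserves a share of the per-tick
    budget for trusted traffic. 'trusted_share' is this model's assumption."""
    def __init__(self, proto, size, capacity, trusted_share):
        self.proto, self.size, self.capacity = proto, size, capacity
        self.reserved = int(capacity * trusted_share)
        self.trusted, self.untrusted, self.dropped = deque(), deque(), 0
    def place(self, pkt):
        # Placement rule: only this ring's protocol; the two buffers fill independently,
        # so an untrusted flood cannot evict trusted packets.
        if pkt["proto"] != self.proto:
            return
        buf = self.trusted if pkt["trusted"] else self.untrusted
        if len(buf) >= self.size:
            self.dropped += 1
        else:
            buf.append(pkt)
    def drain(self):
        # Communication rule: trusted first up to the reservation, then the two
        # buffers alternate for whatever budget remains this tick.
        out = []
        while self.trusted and len(out) < self.reserved:
            out.append(self.trusted.popleft())
        turn = self.untrusted
        while len(out) < self.capacity and (self.trusted or self.untrusted):
            if turn:
                out.append(turn.popleft())
            turn = self.trusted if turn is self.untrusted else self.untrusted
        return out

def flood_then_legit(device, flood=500, legit=10):
    """Constructed scenario: a burst of untrusted TCP packets arrives before the
    legitimate ones. Returns (trusted packets forwarded, total forwarded)."""
    for _ in range(flood):
        device.place({"proto": "tcp", "trusted": False})
    for _ in range(legit):
        device.place({"proto": "tcp", "trusted": True})
    out = device.drain()
    return sum(1 for p in out if p["trusted"]), len(out)
```

With a 64-packet buffer and a budget of 20 per tick, the shared FIFO forwards none of the 10 trusted packets (they were dropped on arrival), while the ring forwards all 10.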