SymTrack: Preventing DenialofService Attacks with Packet Symmetry

1
SymTrack Preventing Denial-of-Service Attacks
with Packet Symmetry

• Michael Wood, Andrew Warfield, Christian Kreibich
  and Vern Paxson
• November 13, 2009

2
The Denial-of-Service problem

• Denial-of-Service (DoS) attacks cost everybody
  
• Victims service goes down - lose revenue,
  reputation
• Source network bandwidth is wasted on attack
• Liability concerns
• Over 1000 attacks per day - extortion attempts

3
SymTrack Solution

• Prevent DoS at the source network
• Goal a SymTrack monitored network cannot be the
  source of flooding DoS attacks

4
Why enforce at the source?

• Good network citizen
• Less wasted upstream bandwidth
• No more attacks no liability concerns
• High fidelity filtering - source address
  integrity
• Isolated administrative control
• Incrementally deployable

5
Good traffic is symmetric traffic

• Relatively equal outgoing and incoming packets
• A lower TXRX packet ratio --gt better traffic
• Symmetry captures implicit signaling
• SymTrack forces the ratio between outgoing and
  incoming packets to remain low

6
A DoS flood example
Nothing can be done here Vs link is flooded
Nothing can be done here ISP Ds link is flooded
V asks ISP S to stop sending Bs
traffic Finally, Success!
B
V
internet
Online Service V
A
7
A DoS flood with SymTrack
B starts to floods traffic to V
Reply traffic does not come from V, so Bs
outgoing traffic is severely limited by SymTrack.
V can tolerate the innocuous traffic from B.
B
V
internet
ISP S
Online Service V
A
SymTrack
8
Summary

• Symmetry is a practical metric to discern good
  from malicious traffic
• Source network symmetry-based filtering
• Is effective defense against DoS attacks
• Provides immediate benefit to deploying ISP
• Reduces malicious traffic on the Internet