Entry Gilad:2012:LDA from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Gilad:2012:LDA,
  author =       "Yossi Gilad and Amir Herzberg",
  title =        "{LOT}: a Defense Against {IP} Spoofing and Flooding
                 Attacks",
  journal =      j-TISSEC,
  volume =       "15",
  number =       "2",
  pages =        "6:1--6:??",
  month =        jul,
  year =         "2012",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2240276.2240277",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Tue Jul 31 17:02:31 MDT 2012",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "We present LOT, a lightweight plug and play secure
                 tunneling protocol deployed at network gateways. Two
                 communicating gateways, A and B, running LOT would
                 automatically detect each other and establish an
                 efficient tunnel, securing communication between them.
                 LOT tunnels allow A to discard spoofed packets that
                 specify source addresses in B's network and vice versa.
                 This helps to mitigate many attacks, including DNS
                 poisoning, network scans, and most notably
                 (Distributed) Denial of Service (DoS). LOT tunnels
                 provide several additional defenses against DoS
                 attacks. Specifically, since packets received from
                 LOT-protected networks cannot be spoofed, LOT gateways
                 implement quotas, identifying and blocking packet
                 floods from specific networks. Furthermore, a receiving
                 LOT gateway (e.g., B) can send the quota assigned to
                 each tunnel to the peer gateway (A), which can then
                 enforce near-source quotas, reducing waste and
                 congestion by filtering excessive traffic before it
                 leaves the source network. Similarly, LOT tunnels
                 facilitate near-source filtering, where the sending
                 gateway discards packets based on filtering rules
                 defined by the destination gateway. LOT gateways also
                 implement an intergateway congestion detection
                 mechanism, allowing sending gateways to detect when
                 their packets get dropped before reaching the
                 destination gateway and to perform appropriate
                 near-source filtering to block the congesting traffic;
                 this helps against DoS attacks on the backbone
                 connecting the two gateways. LOT is practical: it is
                 easy to manage (plug and play, requires no coordination
                 between gateways), deployed incrementally at edge
                 gateways (not at hosts and core routers), and has
                 negligible overhead in terms of bandwidth and
                 processing, as we validate experimentally. LOT storage
                 requirements are also modest.",
  acknowledgement = ack-nhfb,
  articleno =    "6",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries