Summary: OverDoSe: A Generic DDoS Protection
Service Using an Overlay Network
Elaine Shi Ion Stoica David Andersen
Adrian Perrig
February 2006
CMU-CS-06-114
School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213
Abstract
We present the design and implementation of OverDoSe, an overlay network offering generic
DDoS protection for targeted sites. OverDoSe clients and servers are isolated at the IP level.
Overlay nodes route packets between a client and a server, and regulate traffic according to the
server's instructions. Through the use of light-weight security primitives, OverDoSe achieves
resilience against compromised overlay nodes with a minimal performance overhead. OverDoSe
can be deployed by a single ISP who wishes to offer DDoS protection as a value-adding service to
its customers.
Keywords: overlay network, Distributed Denial-of-Service, computational puzzle, compro-
mised overlay nodes, request channel
1 Introduction

Source: Andersen, Dave - School of Computer Science, Carnegie Mellon University
Carnegie Mellon University, School of Computer Science

Collections: Computer Technologies and Information Sciences