Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

OverDoSe: A Generic DDoS Protection Service Using an Overlay Network

Summary: OverDoSe: A Generic DDoS Protection
Service Using an Overlay Network
Elaine Shi Ion Stoica David Andersen
Adrian Perrig
February 2006
School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213
We present the design and implementation of OverDoSe, an overlay network offering generic
DDoS protection for targeted sites. OverDoSe clients and servers are isolated at the IP level.
Overlay nodes route packets between a client and a server, and regulate traffic according to the
server's instructions. Through the use of light-weight security primitives, OverDoSe achieves
resilience against compromised overlay nodes with a minimal performance overhead. OverDoSe
can be deployed by a single ISP who wishes to offer DDoS protection as a value-adding service to
its customers.
Keywords: overlay network, Distributed Denial-of-Service, computational puzzle, compro-
mised overlay nodes, request channel
1 Introduction


Source: Andersen, Dave - School of Computer Science, Carnegie Mellon University
Carnegie Mellon University, School of Computer Science


Collections: Computer Technologies and Information Sciences