| | |
Summary: Mayday: Distributed Filtering for Internet Services
David G. Andersen
MIT Laboratory for Computer Science
dga@nms.lcs.mit.edu
Abstract
Mayday is an architecture that combines overlay net-
works with lightweight packet filtering to defend against
denial of service attacks. The overlay nodes perform
client authentication and protocol verification, and then
relay the requests to a protected server. The server is
protected from outside attack by simple packet filtering
rules that can be efficiently deployed even in backbone
routers.
Mayday generalizes earlier work on Secure Overlay
Services. Mayday improves upon this prior work by sep-
arating the overlay routing and the filtering, and provid-
ing a more powerful set of choices for each. Through
this generalization, Mayday supports several different
schemes that provide different balances of security and
performance, and supports mechanisms that achieve bet-
|
