Notice of Violation of IEEE Publication Principles: An Effective Defense against Distributed Denial of Service in Grid

Abstract

Notice of Violation of IEEE Publication Principles<br><br>"An Effective Defense Against Distributed Denial of Service in Grid"<br>by Mohan H.S. and A. Raji Reddy,<br>in the Proceedings of the First International Conference on Integrated Intelligent Computing, August 2010, pp. 84-89<br><br>After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE's Publication Principles.<br><br>This paper is a duplication of the original text from the paper cited below. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission.<br><br>Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article:<br><br>"An Effective Defense Against Distributed Denial of Service in Grid"<br>by N. Venkatesu, V. Deepan Chakravarthy, D. Sathya<br> in the Proceedings of the First International Conference on Emerging Trends in Engineering and Technology, July 2008, pp. 373-378<br><br> <br/> IP spoofing has been exploited by Distributed Denial of Service (DDoS) attacks to conceal flooding sources and localities in flooding traffic, and prevent legitimate hosts into becoming reflectors, redirecting and amplifying flooding traffic. Thus, the ability to filter spoofed IP packets near victims is essential to their own protection as well as to their avoidance of becoming congestion and involuntary DoS reflectors. Although an attacker can forge any field in the IP header, he or she cannot falsify the number of hops an IP packet takes to reach its destination. This hop count information can be inferred from the Time- to-Live (TTL) value in the IP header. Using a mapping between IP addresses and their hop-counts to an Internet server, the server can distinguish spoofed IP packets from legitimate ones. Based on this observation, we present a novel filtering technique that is immediately deployable to weed out spoofed IP packets. We have an IP to Hop Count Mapping Table (IP2HC) to store the Hop Count Values. We implement HCF in the Linux kernel, demonstrating its benefits using experimental measurements. We deploy the security mechanism in Globus Toolkit (GT4) to ensure that HCF can identify the spoofed packet in a Grid Environment.