We present Beaver -- a robust method to "build dams" to protect legacy servers from (Distributed) Denial of Service (DoS) attacks by realistic adversaries. These adversaries may have knowledge of their attack's success, e.g., by observing service performance degradation, or by eavesdropping on messages or parts thereof, and (with some delay) adapt their attacks accordingly. The main challenge in presenting such a solution is to exploit existing lightweight packet filtering mechanisms, which can cope with high-speed traffic, in a way that allows fast processing of packets, but is complex enough that the attacker cannot efficiently craft packets that pass the filters.
Beaver introduces two DoS-protection mechanisms: one for the admission of new client sessions, and another for protecting ongoing sessions. The former uses dedicated admission servers. The latter is Porthopper -- a two-party communication protocol that mitigates DoS attacks by avoiding the use of a fixed port and performing "pseudorandom port hopping" instead. Porthopper uses simple, readily available, and efficient packet filtering mechanisms based mainly on (addresses and) port numbers. Together, these mechanisms are very effective: even when a heavy DoS attack is launched, clients can still start new sessions with the server, and ongoing sessions are almost unaffected by the attack. Overall, Beaver is a simple and practical system that preserves the original properties of the legacy server, such as latency and computation load.

Joint work with Gal Badishi and Amir Herzberg.
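To make the port-hopping idea concrete, here is an added toy model (not the Beaver/Porthopper code, and not its actual parameters): a client and server share a per-session key established at admission, the destination port for each time slot is derived as HMAC-SHA256(session_key, slot) mapped into a port range, and a filter in front of the server accepts a packet only if its (source address, destination port) pair matches the current slot or an adjacent one. The slot length, port range, skew window, key, addresses and traffic in the scenario are all constructed assumptions. The scenario also exercises the adversary from the abstract who learns the port by eavesdropping but can only react with delay: the replayed port falls outside the skew window and is dropped by the same cheap address/port match.

```python
import hmac
import hashlib
from collections import namedtuple

# Constructed parameters (assumptions for this example, not Porthopper's actual
# constants): ports hop once per SLOT_SECONDS; the port for a time slot is
# HMAC-SHA256(session_key, slot) reduced into [PORT_LO, PORT_HI]; the filter
# tolerates SKEW_SLOTS of clock skew / network delay in either direction.
SLOT_SECONDS = 10
PORT_LO, PORT_HI = 20000, 60000
SKEW_SLOTS = 1

Packet = namedtuple("Packet", "src dst_port payload")


def slot_of(now: float) -> int:
    """Time slot index for wall-clock time `now` (seconds)."""
    return int(now // SLOT_SECONDS)


def hop_port(session_key: bytes, slot: int) -> int:
    """Pseudorandom destination port for one slot of one session.

    Without the key the port is unpredictable; learning it by eavesdropping
    only helps until the slot (plus the skew window) expires."""
    mac = hmac.new(session_key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return PORT_LO + int.from_bytes(mac[:4], "big") % (PORT_HI - PORT_LO + 1)


class PortHoppingFilter:
    """Model of the lightweight filter in front of the server.

    It holds only (client address -> session key) and decides per packet from
    the source address and destination port, which is what cheap packet filters
    match on at line rate. A real deployment would push the small set of
    currently valid ports into the filter rather than compute HMACs per packet."""

    def __init__(self, sessions: dict):
        self.sessions = sessions  # src address -> session key (assumed set up at admission)
        self.accepted = 0
        self.dropped = 0

    def allowed_ports(self, src: str, now: float) -> set:
        key = self.sessions.get(src)
        if key is None:
            return set()
        s = slot_of(now)
        return {hop_port(key, s + d) for d in range(-SKEW_SLOTS, SKEW_SLOTS + 1)}

    def admit(self, pkt: Packet, now: float) -> bool:
        ok = pkt.dst_port in self.allowed_ports(pkt.src, now)
        if ok:
            self.accepted += 1
        else:
            self.dropped += 1
        return ok


def client_packet(src: str, session_key: bytes, now: float, payload: bytes) -> Packet:
    """What a legitimate client sends: it computes the same hop sequence."""
    return Packet(src, hop_port(session_key, slot_of(now)), payload)


def run_scenario() -> dict:
    """Constructed scenario: one legitimate session under a spoofed flood plus a
    delayed-replay attacker. Returns counts the reader can inspect."""
    src = "10.0.0.5"
    key = b"constructed-session-key-from-admission"
    filt = PortHoppingFilter({src: key})
    t0 = 1_000_000.0

    # Legitimate client: one packet per slot for five slots, all accepted.
    legit = sum(filt.admit(client_packet(src, key, t0 + i * SLOT_SECONDS, b"data"),
                           t0 + i * SLOT_SECONDS) for i in range(5))

    # Same client, packet built in slot 0 but arriving one full slot late:
    # inside the skew window, so still accepted.
    late = filt.admit(client_packet(src, key, t0, b"late"), t0 + SLOT_SECONDS)

    # Flood: attacker spoofs the client's address but must guess the port.
    # 1000 packets to one fixed port are accepted only on a 3-in-40001 collision.
    flood = sum(filt.admit(Packet(src, 31337, b"junk"), t0) for _ in range(1000))

    # Adaptive attacker: eavesdrops the port used in slot 0, but can only
    # replay it three slots later, outside the skew window.
    observed_port = hop_port(key, slot_of(t0))
    replay = sum(filt.admit(Packet(src, observed_port, b"junk"), t0 + 3 * SLOT_SECONDS)
                 for _ in range(1000))

    return {"legit_accepted": legit, "late_accepted": late,
            "flood_accepted": flood, "replay_accepted": replay,
            "total_dropped": filt.dropped}


if __name__ == "__main__":
    print(run_scenario())
```

The filter's state is just the address-to-key table and the three currently valid ports per session, so it stays as cheap as an ordinary port-based ACL; the cost of the hop computation is paid once per slot, not per packet. The skew window is the tunable trade-off: widening it tolerates more delay for legitimate clients but lengthens the time during which an eavesdropped port remains usable by an attacker.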