Security Integration in DDoS Attack Mitigation Using Access Control Lists

摘要

In this article, the authors propose a DDoS mitigation system through access list-based configurations, which are deployed at the ISP (Internet Service Provider's) edge routers to prohibit DDoS attacks over ISPs' networks traffic. The effectiveness of the proposed system relies heavily on the willingness of ISPs in implementing the system. Once each ISP implements the system, most attacks can easily be stopped close to their point of origin. The main challenge is to implement such a system with the fixed amount of memory and available processing power with routers. A coordinated effort by participating ISPs filters out attacks close to their source, reducing the load on other routers. The suspicious traffic is first filtered out based on their source IP address. The authors also implemented the WRED algorithm for their case and conduct GNS3 experiments in a simulated environment.