Aggregate-Based Congestion Control (ACC) and Pushback
Papers:
- Controlling High Bandwidth Aggregates in the Network (Extended Version).
Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, and Scott Shenker.
July, 2001 (postscript, PDF).
The shorter CCR version: CCR, V.32 N.3, July 2002. (CCR, local postscript, local PDF).
Poster at SIGCOMM 2001 (postscript, PDF, abstract).
Simulation scripts for the papers. README.
The Slashdot note.
IETF Documents:
- Pushback Messages for Controlling Aggregates in the Network.
Sally Floyd, Steven M. Bellovin, John Ioannidis, Kireeti Kompella, Ratul Mahajan, and Vern Paxson.
draft-floyd-pushback-messages-00.txt, internet-draft, work in progress, July 2001. Expired draft.
Local copy: (text, postscript)
Talks:
- Distributed Denial of Service Attacks.
Steve Bellovin, February 18, 2000.
This talk discusses traffic volume monitoring, and the need for enhanced congestion control for high-volume aggregates.
- Viewgraphs (postscript, PDF) from Vern Paxson, Panel on The DDoS Attacks.
RAID 2000, October 2000.
These viewgraphs give a quick overview of controlling high volume aggregates using Pushback.
- Talk on Controlling High Bandwidth Aggregates (postscript, PDF).
Sally Floyd, November 29-30, 2000, E2E Research Group.
- Or the revised version talking about Bullies, Mobs, and Crooks (postscript, PDF): December 4, 2000.
This talk discusses controlling high-bandwidth flows, aggregate-based congestion control (for flash crowds), and DoS attacks at the congested router, and the use of Pushback to "push" packet drops upstream.
- Steve Bellovin, DDoS Attacks and Pushback, December 5, 2000 (postscript, PDF).
These viewgraphs describe Pushback, and show a number of simulation results.
- Also the February 18, 2001, version of the talk, at NANOG: (postscript, PDF).
- Ratul Mahajan, Aggregate Based Congestion: Detection and Control, April 2001 (postscript).
Seminar, University of Washington.
This talk discusses the motivation and mechanisms for aggregate-based congestion control.
Related Work:
- Jaeyeon Jung, Balachander Krishnamurthy, and Michael Rabinovich,
Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites,
WWW2002, May 2002.
"Section 4.3 summarizes the behavioral differences of flash events and DoS attacks and develops some recommendations for Web servers based on these differences."
- Jelena Mirkovic, Janice Martin, and Peter Reiher,
A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms,
UCLA Technical Report #020018, 2002.
"This paper proposes a taxonomy of distributed denial-of-service attacks and a taxonomy of the defense mechanisms that strive to counter these attacks... The goal of the paper is to impose some order into the multitude of existing attack and defense mechanisms that would lead to a better understanding of challenges in the distributed denial-of-service field."
- Christian Estan and George Varghese,
New Directions in Traffic Measurement and Accounting,
SIGCOMM, August 2002.
"We propose two novel and scalable algorithms for identifying the large flows."
Notes:
- What are the basic primitives in routers that would be useful for pushback and/or local ACC?
Pointers to the commercial world:
(The pushback project doesn't have any affiliations with any of these
products.)
- FloodGuard.
- Cisco's IP Source Tracker.
"The IP Source Tracker feature allows you to gather information about the traffic flowing to a host that is suspected to be under attack. This feature also allows you to easily trace an attack back to its entry point into the network."
Last modified: November 2002.