Boffin claims DoS attack breakthrough

A computer scientist at the University of Massachusetts claims to have worked out a new technique for combating Denial of Service (DoS) attacks that requires adding a single bit of information to messages sent across the web.

Micah Adler, an assistant professor at the university's Department of Computer Science, explained that one of the main difficulties in dealing with DoS attacks is that information can be sent anonymously over the internet.

Messages are sent in bundles of bits called packets, which are despatched from source to destination along a series of routers. These routers do not store any information about past traffic and, in particular, there is no record of the course of a packet.

Adler said he has developed an automated method for tracing a stream of packets back to its source.

It uses a single bit in the header of each packet and requires each router along the path of attack to perform a simple random routine on each packet.

This determines whether the value of that bit should be a 1 or a 0 when the packet is received at its destination.

"If the victim receives a large number of packets from the same source, as would occur in a DoS attack, then it is virtually guaranteed to be able to determine the identity of every router along the path of those packets," he said. "This means that the victim knows the source of the attack."

But Adler pointed out that his method, which builds on an approach known as 'probabilistic packet marking', also has its drawbacks.

The number of packets required to reconstruct the path of the attack can be quite large, and grows exponentially with the length of the path.

"For longer paths, the number of packets required is too large to make this scheme practical," he admitted.