||Many attacks on the internet reveal much vulnerability in recent years; causing the largest damage among them we called DDoS. For much existent defense strategies, the DDoS is hard to prevent. With the popularity of the internet, it is more and more easily to find vulnerable server; some intent attacker will use these weakness to attack the particular server that the service can’t be available to the legitimate user .|
Due to DDoS has characteristic of congestion and continuity, so that the packet can’t be forwarded normally because of router-overloading. Most defense mechanism can’t communicate through the congested network; it is unnecessary to say that if attacks occur, other protection mechanism will work.
In view of this, this paper proposed the overload protection mechanism under DDoS that it can bypass the attacking packet quickly and precisely also defend large source and decrease loading of router when attacks occur in order to transmit packet fluently for other legitimate user. Moreover, it can work with other defense mechanism to enhance the performance of protection mechanism.
We use the physical topology to simulate the performance of our protection mechanism under DDoS attack. The result of our experiment evidenced that overload protection mechanism is practical and decreases the influence effectively.
 Microsoft Security Home Page http://www.microsoft.com/security/default.mspx
 DDoS attack tool timeline http://staff.washington.edu/dittrich/talks/sec2000/timeline.html
 Tfn attack tool analysis
 stacheldraht attack tool analysis
 TFN2k attack tool analysis http://packetstormsecurity.com/distributed/TFN2k_Analysis-1.3.txt
 shaft attack tool analysis
 Jelena Mirkovic, Janice Martin and Peter Reiher “A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms” Computer Science Department University of California, Los Angeles
 Alefiya Hussain John Heidemann Christos Papadopoulos “A Framework for Classifying Denial of Service Attacks”
 Ratul Mahajan,Steven M. Bellovin,Sally Floyd,John Ioannidis, Vern Paxson, and Scott Shenker “Aggregate-Base Congestion Control” ICSI Center for Intenet Research(ICIR) AT&T Labs Research
 John Ioannidis, Steven M.Bellovin “Implementing Pushback: Router-Based Defense Against DDoS Attack” AT&T Labs Research
 Peter Reiher, Gregory Prier, Scott Michael, and Jun Li D-WARD: DDoS Network Attack Recognition and Defense home page “http://www.lasr.cs.ucla.edu/ddos/”
 J. Mirkovic, G. Prier and P. Reiher, “Attacking DDoS at the Source”, Proceedings of ICNP 2002, pp. 312-321, Paris, France, November 2002.
 Ju Wang Linyuan Lu Andrew A. Chien “Tolerating Denial of Service Attacks Using Overlay Networks Impact of Topology” Department of Computer Science and Engineering University of California, San Diego
 Ju Wang and Andrew A.Chien “An Analysis of Using Overlay Networks to Resist Distributed Denial-of-Service Attacks” Department of Computer Science and Engineering University of California,San Diego
 Angelos D. Keromytis Vishal Misra Dan Rubenstein “SOS:Secure Overlay Services” Department of Computer Science Department of Electrical Engineering Columbia University
 Hun-Jeong Kang, Seung-Hwa Chung, Seong-Cheol Hong, Myung-Sup Kim and James W. Hong “Towards Flow-based Abnormal Network Traffic Detection” DP&NM Lab.
 Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones ,Fabrice Tchakountio “Hash-Based IP Traceback”
 Bao-Tung Wang, Henning Schulzrinne “An IP Traceback Mechanism for Reflective DoS Attacks” Department of Computer Science, Columbia University
 Rocky K.C.Chang “Defending against Flooding-Based Distributed Denial-of-Service Attacks:A Tutorial The Hong Kong Polytechnic University
 Udaya Kiran Tupakula,Vijay Varadharajan “A Practical Method to Couteract Denial of Service Attacks” Information and Networked System Security Research Division of Information and Communication Sciences Macquarie University Sydney,Australia
 William G.Morein, Angelos Stavrou, Debra L.Cook,etc... ”Using Graphic Turing Tests To Counter Automated DDoS Attacks Against Web Servers” Department of Computer Science ,Department of Electical Engineering Columbia University in the City of New York