Publication | Closed Access
A scheme of distributed hop-count filtering of traffic
Citations: 14
References: 0
Year: 2009
Keywords: DDoS Detection, Engineering, Internet Traffic Analysis, Network Jam, Information Security, Network Traffic Control, Denial-of-service Attack, DDoS Attack Tools, Intrusion Tolerance, Network Analysis, Computer Science, Network Traffic Measurement, Host Resources Exhaustion, Distributed Hop-count Filtering, Data Security, Cryptography, Network Security
Distributed Denial of Service (DDoS) remains a threat that exhausts network bandwidth and host resources. The majority of DDoS attack tools use IP spoofing, which makes it very difficult to filter illegitimate packets from aggregated traffic. In contrast to the source IP address in the IP header, which is easy to forge, the Time-to-Live (TTL) value is relatively steady. Based on this observation, Wang proposed a scheme called hop-count filtering (HCF) for filtering illegitimate packets from aggregated traffic. Wang's HCF is located in an end system. In this paper, we introduce a method called distributed HCF (DHCF). Unlike HCF, DHCF is placed in an intermediate system. This has the advantage of resolving the problems of network bandwidth jam and host resource exhaustion. Comparing the performance of DHCF with that of HCF on the NS2 platform, our experiments show that DHCF performs better at relieving network jam and maintaining normal users' access.