Computer Science Department
School of Computer Science, Carnegie Mellon University


OverDoSe: A GEneric DDoS Proection Service
Using an Overlay Network

Elaine Shi, Ion Stoica, David Andersen, Adrian Perrig

February 2006

Keywords: Overlay network, Distributed Denial-of-Service, computational puzzle, compromised overlay nodes, request channel

We present the design and implementation of OverDoSe, an overlay network offering generic DDoS protection for targeted sites. OverDoSe clients and servers are isolated at the IP level. Overlay nodes route packets between a client and a server, and regulate traffic according to the server”Ēs instructions. Through the use of light-weight security primitives, OverDoSe achieves resilience against compromised overlay nodes with a minimal performance overhead. OverDoSe can be deployed by a single ISP who wishes to offer DDoS protection as a value-adding service to its customers.

31 pages

Return to: SCS Technical Report Collection
School of Computer Science

This page maintained by