The Socket Handoff Defense to DoS Attacks
http://www.cs.cmu.edu/~softagents
Katia Sycara, PI

Overview

A denial of service (DoS) attack is an attack by malicious or naïve hackers on an information networking infrastructure and the computing systems that depend on it. Attacks range from the shutdown of a single computer to the removal of an entire network or system from the Internet.

With the Socket Handoff Defense, a targeted organization can keep its networked infrastructure in operation. A lightweight socket handoff technology allows computers on the network to relocate out of harm's way by renumbering their IP network addresses, while connections that are valid and already active follow them to the new address.

[Figure: a network host under DoS attack and its relocation to a new IP. Attack callouts: 1. DoS Attack (legitimate client outside subnet); 3. Loss of access by outside clients. Handoff callouts: 1. Server changes IP address and notifies clients; subnet connections are uninterrupted (new IP). 2. Attacker loses connection to network host. 3. Legitimate outside client connects using Discovery (new IP).]

Key Benefits of Socket Handoff

• Termination of the DoS attack. Malicious network connections are often partial (half-open) and carry spoofed or inaccurate source IP addresses. Because such connections are never fully established, and their spoofed sources cannot be told the new address, they are dropped and "left behind" in the move.

• Continuity of service. The relocation is accomplished without stopping, disconnecting, or interrupting services and network connections that are valid and already active. These connections are automatically updated with the new, renumbered addresses.

• Application transparency. The Socket Handoff mechanism is implemented in the operating system kernel, so every network application benefits from it without being rewritten: file, database and web servers as well as specialized peer-to-peer Internet services.

• Gradual phase-in. Under normal circumstances, applications running on operating systems without the Socket Handoff mechanism can still communicate with those running on operating systems that support it. A client needs a Socket-Handoff-enabled kernel only to keep its connection at the moment the server relocates and hands off its new IP address; a client without that support loses the connection and must locate the server again, for example through Discovery.

Features

In February 2002, the Intelligent Software Agents Lab demonstrated an implementation of Linux kernel-level sockets that permitted transparent Socket Handoff among three different network test applications. To our knowledge, it was the first demonstration of its kind.

Relocated network service providers and requestors find each other at their new addresses through lightweight and fail-safe Discovery services, such as those implemented in the Intelligent Software Agents Lab's RETSINA agent architecture. These RETSINA technologies have been verified to work across multiple network topologies, managed by a variety of network management policies.

This research has been sponsored in part by: the Office of Naval Research Grant N00014-96-16-1-1222, DARPA Grant F30602-98-20138, DARPA Grant F30602-00-2-0592, and by AFOSR Grant F49620-01-1-0542.
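The handoff described above, modeled as an added example in Python (this is not the lab's kernel code, and the class names, message format and the Discovery stand-in are assumptions made for the illustration). The model walks a server's connection table at relocation time: fully established connections to handoff-capable peers are notified and rekeyed to the new address, half-open entries with spoofed sources are left behind, peers without handoff support are dropped, and the new address is registered with Discovery so that later clients can find it. The scenario inputs are constructed.

```python
# Illustrative model of the socket-handoff defense described on this page.
# Added example, not the Intelligent Software Agents Lab's kernel code; the
# class and message names are assumptions made for the illustration.
from dataclasses import dataclass
from typing import Dict, List, Tuple

ConnKey = Tuple[str, int, int]  # (peer_ip, peer_port, local_port)


@dataclass
class Conn:
    peer_ip: str
    peer_port: int
    local_port: int
    state: str                      # "ESTABLISHED" or "SYN_RECV" (half-open)
    peer_supports_handoff: bool = True


class Discovery:
    """Minimal stand-in for a discovery service: service name -> current IP."""
    def __init__(self) -> None:
        self.registry: Dict[str, str] = {}

    def register(self, name: str, ip: str) -> None:
        self.registry[name] = ip

    def lookup(self, name: str) -> str:
        return self.registry[name]


class HandoffHost:
    """A server whose kernel can move its live sockets to a new local IP."""
    def __init__(self, name: str, ip: str, discovery: Discovery) -> None:
        self.name, self.ip, self.discovery = name, ip, discovery
        self.conns: Dict[ConnKey, Conn] = {}
        self.notifications: List[dict] = []   # address-change messages to peers
        discovery.register(name, ip)

    def add_conn(self, conn: Conn) -> None:
        self.conns[(conn.peer_ip, conn.peer_port, conn.local_port)] = conn

    def handoff(self, new_ip: str) -> Dict[str, int]:
        kept: Dict[ConnKey, Conn] = {}
        dropped_half_open = dropped_no_support = 0
        for key, c in self.conns.items():
            if c.state != "ESTABLISHED":
                # Half-open entries (typical of a SYN flood with spoofed sources)
                # have no real peer to tell about the new address: left behind.
                dropped_half_open += 1
            elif not c.peer_supports_handoff:
                # Peer kernel cannot process a handoff; it must rediscover us.
                dropped_no_support += 1
            else:
                self.notifications.append({"to": (c.peer_ip, c.peer_port),
                                           "old": (self.ip, c.local_port),
                                           "new": (new_ip, c.local_port)})
                kept[key] = c
        self.conns = kept
        self.ip = new_ip
        self.discovery.register(self.name, new_ip)   # new clients find us here
        return {"kept": len(kept), "dropped_half_open": dropped_half_open,
                "dropped_no_support": dropped_no_support}


def simulate() -> Dict[str, object]:
    """Constructed scenario: two handoff-capable peers, one legacy peer, a SYN flood."""
    disc = Discovery()
    srv = HandoffHost("fileserver", "10.0.1.5", disc)
    srv.add_conn(Conn("10.0.1.20", 40001, 80, "ESTABLISHED"))            # same subnet
    srv.add_conn(Conn("198.51.100.7", 51234, 80, "ESTABLISHED"))         # outside client
    srv.add_conn(Conn("203.0.113.9", 33000, 80, "ESTABLISHED", False))   # no handoff support
    for i in range(50):   # flood: half-open entries from spoofed sources
        srv.add_conn(Conn(f"192.0.2.{i + 1}", 1024 + i, 80, "SYN_RECV"))
    result: Dict[str, object] = dict(srv.handoff("10.0.1.77"))
    result["notified"] = sorted(n["to"][0] for n in srv.notifications)
    result["discovered_ip"] = disc.lookup("fileserver")
    return result


if __name__ == "__main__":
    print(simulate())
```

Two design points the model makes visible and that a real implementation has to address: the address-change notification must be authenticated (this model sends it in the clear), since anyone able to forge it could redirect a client's established connection to an address of their choosing; and the handoff sheds only half-open and unreachable-peer state, so an attacker holding fully established, handoff-capable connections follows the server to its new address unless those connections are dropped as well.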