Elimination of DoS UDP Reflection Amplification Bandwidth Attacks, Protecting TCP Services

In this paper, we propose a solution to eliminate a popular type of Denial of Service (DoS) attack, which is a DoS amplification attack. Note that a DoS is a subset of DDoS. Our solution protects servers running any number of TCP services. This paper is focused on the most popular type of DoS amplification attack, which uses the UDP protocol. Via DoS UDP amplification attacks, an attacker can send a 1 Gbps traffic stream to reflectors. The reflectors will then send up 556 times that amount (amplified traffic) to the victim's server. So just ten PCs, each sending 10Mbps, can send 55 Gbps indirectly, via reflectors, to a victim's server. Very few ISP customers have 55 Gpbs provisioned. Expensive and complex solutions exist. However our elimination techniques can be implemented very quickly, easily and at an extremely low cost.