Denial-of-Service attacks continue to grow despite the fact that a large number of solutions have been proposed in the literature.
The problem is that few are actually practical for real-world deployment and have incentives for early adopters.
We present Terminus, a simple, effective and deployable network-layer architecture against DoS attacks that allows receivers to request that undesired traffic be filtered close to its source.
In addition, we describe our implementation of each of the architecture’s elements using inexpensive off-the-shelf-hardware, and show that we can filter very large attacks in a matter of seconds while still sustaining a high forwarding rate even for minimum-sized packets.
We conclude by discussing initial deployment incentives.
