1 |
S. Bellovin, Distributed Firewalls; login: Magazine, special issue on security, Nov. 1999.
|
2 |
J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway, "UMAC: Fast and secure message authentication," in Proc. Advances in Cryptology-CRYPTO, 1999.
|
3 |
M. Casado, A. Akella, P. Cao, N. Provos, and S. Shenker, "Cookies along trust-boundaries (CAT): Accurate and deployable flood protection," Usenix SRUTI'06: 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet, 2006.
|
4 |
CERT/CC, "TCP SYN flooding and IP spoofing attacks," CERT Advisory CA-1996-21, Sept. 1996.
|
5 |
Stonesoft. (Oct. 2001).Multi-Link Technology. [Online]. Available: http:// www.stonesoft.com/products/whitepapers.
|
6 |
Netfilter Homepage. [Online]. Available: http://www.netfilter.org.
|
7 |
K. Park and H. Lee, "On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack," in Proc. IEEE INFOCOM, Apr. 2001, pp.338-347.
|
8 |
G. Rooij, "Real stateful TCP packet filtering in IP filter," 10th USENIX Security Symposium invited talk, Aug. 2001.
|
9 |
V. Paxson, "An analysis of using reflectors for distributed denial-of-service attacks," Computer Communications Review 31 (3), July 2000.
|
10 |
Check Point Software Technologies Ltd. (Aug. 2005). Stateful Inspection Technology. Check Point Tech Note. [Online]. Available: http://checkpoi nt.com/products/downloads/Stateful_Inspection.pdf.
|
11 |
D. J. Bernstein, SYN Cookies Homepage, 1996. [Online]. Available: http: //cr.yp.to/syncookies.html.
|
12 |
D. Vukadinovic, P. Huang, and T. Erlebach, "A spectral analysis of the Internet topology," Technical Report ETH-TIK-NR 118, 2001.
|
13 |
A. Akella, A. Shaikh, and R. Sitaraman, "A measurement-based analysis of multihoming," in Proc. ACM SIGCOMM, 2003.
|
14 |
Q. Vohra and E. Chen, "BGP support for four-octet AS number space," Work in progress, Internet Draft draft-ietf-idr-as4bytes-13.txt, Feb. 2007.
|
15 |
R. Russel and H. Welte, Linux netfilter Hacking HOWTO, June 2002.
|
16 |
D. Welch-Abernathy, Essential Check Point FireWall-1, Addison-Wesley Publishers, Jan. 2002.
|
17 |
K. Park and H. Lee, "On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets," in Proc. ACM SIGCOMM, Aug. 2001, pp.15-26.
|
18 |
A. Rijsinghani, "Computation of the Internet checksum via incremental update," RFC 1624, May 1994.
|
19 |
R. Braden, "Requirements for Internet hosts-communication layers," STD 3, RFC 1122, Oct. 1989.
|
20 |
S. Ioannidis, A. Keromytis, S. Bellovin, and J. Smith, "Implementing a distributed firewall," in Proc. ACM CCS, 2000.
|
21 |
Y. He, M. Faloutsos, S. Krishnamurthy, and B. Huffaker, "On routing asymmetry in the Internet," in Proc. IEEE GLOBECOM, 2005.
|
22 |
J. Postel, Transmission Control Protocol, STD 7, RFC 793, Sept. 1981.
|
23 |
J. Johnson. (June 2002). BGP Is A Reachability Protocol. A NANOG Presentation. [Online]. Available: http://www.nanog.org/mtg-0206/ppt/jerm 2/.
|
24 |
Y. He, M. Faloutsos, and S. Krishnamurthy, "Quantifying routing asymmetry in the Internet at the AS level," in Proc. IEEE GLOBECOM, 2004.
|
25 |
J. Han, D. Watson, and F. Jahanian, "An experimental study of Internet path diversity," IEEE Trans. Dependable and Secure Computing, vol. 3, no. 4, pp.273-288, Oct.-Dec. 2006.
DOI
ScienceOn
|
26 |
V. Paxson, "End-to-end routing behavior in the Internet," in Proc. ACM SIGCOMM, 1996.
|
27 |
Nmap Homepage. [Online]. Available: http://www.insecure.org/nmap.
|
28 |
J. Kim, S. Bahk, and H. Lee, "A connection management protocol for stateful inspection firewalls in multi-homed networks," in Proc. IEEE ICC, June 2004.
|
29 |
G. Wright and W. Stevens, TCP/IP Illustrated, Volume 2: The Implementation, Addison-Wesley, 1995.
|