"A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system." (From Wikipedia, the free encyclopedia).
This project demonstrates a method for preventing abuse of system resources by DoS attacks. The proposed method is based on the server authenticating clients at the transport layer. Every packet received at the server contains a key that the client calculated and attached to it. The server checks this key against a key it generates itself from the client's authentication ID and the current time.
The key is re-calculated periodically, which is "cheaper" than calculating a key for every packet.
The current implementation handles UDP packets only, but the method can be generalized to encapsulate packets at the IP layer, making it indifferent to the transport protocol.
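The check described above, sketched as an added example (not the project's code). The page does not say how the key is computed, so the HMAC-SHA256 construction, the shared per-client secret, the 30-second period, the packet layout and the acceptance of the previous period are all assumptions.

```python
import hashlib
import hmac
import struct

PERIOD = 30                      # seconds per key period (assumed value)
KEY_LEN = 8                      # bytes of truncated HMAC per packet (assumed)
HEADER = struct.Struct("!I8s")   # assumed layout: client ID, key, then payload

def epoch_key(secret, client_id, epoch):
    """Key for one period: HMAC-SHA256(secret, client_id || epoch), truncated."""
    msg = struct.pack("!Iq", client_id, epoch)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:KEY_LEN]

def wrap(secret, client_id, payload, now):
    """Client side: prepend the ID and the current key to a UDP payload."""
    key = epoch_key(secret, client_id, int(now // PERIOD))
    return HEADER.pack(client_id, key) + payload

class Verifier:
    """Server side: keys are computed once per (client, period) and cached,
    so the per-packet cost is a lookup and a constant-time compare."""
    def __init__(self, secrets):
        self.secrets = secrets   # client ID -> shared secret (assumed setup)
        self.cache = {}          # (client ID, epoch) -> key
        self.epoch = None

    def _key(self, client_id, epoch):
        if (client_id, epoch) not in self.cache:
            self.cache[(client_id, epoch)] = epoch_key(
                self.secrets[client_id], client_id, epoch)
        return self.cache[(client_id, epoch)]

    def unwrap(self, packet, now):
        """Return the payload if the key matches, otherwise None (drop)."""
        if len(packet) < HEADER.size:
            return None
        client_id, key = HEADER.unpack_from(packet)
        if client_id not in self.secrets:
            return None          # unknown ID: rejected before any HMAC work
        epoch = int(now // PERIOD)
        if epoch != self.epoch:  # period rolled over: discard stale keys
            self.epoch = epoch
            self.cache = {k: v for k, v in self.cache.items() if k[1] >= epoch - 1}
        # The previous period is also accepted to tolerate clock skew.
        for e in (epoch, epoch - 1):
            if hmac.compare_digest(key, self._key(client_id, e)):
                return packet[HEADER.size:]
        return None
```

Because the key depends only on the client ID and the time, not on the payload, it lets the server discard unauthenticated packets cheaply but does not protect packet contents.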
The proposed method is based on research by Gal Badishi and Dr. Idit Keidar of the Technion Electrical Engineering faculty, and Amir Herzberg of the Computer Science department at Bar-Ilan University.