Link-flooding, as perpetrated by distributed denial of service attacks are a serious threat to the Internet. We propose a pushback mechanism to defeat such attacks: routers experiencing sustained, massive congestion ask the upstream routers to drop the packets instead, thus freeing bandwidth for other traffic. This algorithm is applied recursively, pushing back to either an uncongested link or even the sources of the problem. Simulation results show that this scheme is indeed effective.

This is joint work with John Ioannidis of AT&T Labs Research, Ratul Mahajan of University of Washington, and Sally Floyd, Vern Paxson, and Scott Shenker of ACIRI.