Routing Around Congestion - Defeating DDoS Attacks and Adverse Network Conditions via Reactive BGP Routing

Explore a groundbreaking approach to mitigating Distributed Denial of Service (DDoS) attacks in this 23-minute conference talk presented at the 2018 IEEE Symposium on Security & Privacy. Discover Nyx, a novel system that treats DDoS mitigation as a routing problem rather than a filtering issue. Learn how this conceptual shift allows for effective defense against modern DDoS attacks, including transit-link DDoS, without requiring Internet redesign or external cooperation. Understand the innovative use of Border Gateway Protocol (BGP) and traffic engineering techniques to isolate critical traffic from attacked links onto uncongested paths. Examine the impressive results from Internet-scale simulations, showing Nyx's ability to successfully route around network segments under attack in over 98% of cases. Gain insights into the system's effectiveness in providing complete congestion relief for both transit-link and direct DDoS attacks.