Abstract
Probabilistic Packet Marking (PPM) is known to be one of the better defense methods against Denial of Service (DoS) attacks. However, most of the routers on the Internet are not yet ready for PPM. Before a new router that has the PPM function can be deployed, several challenges such as cost, operation, and availability must first be resolved. In this paper, we propose a device for transparent PPM that makes the target router PPM-capable. The device does not change the existing configuration of the router nor do existing routers have to be replaced. We implemented and evaluated our proposed device on Linux with excellent results.
