Distributed Denial of Service (DDoS) attacks pose a serious threat to availability of Internet Services. Several schemes have been proposed for countering DDoS attacks directed at an Internet Server, but they suffer from a range of problems, some of them being impractical and others not being effective against these attacks. We propose a dynamic rate throttling technique that will greatly minimize the impact of attack. The basic mechanism is to have monitoring, rate limiting and filtering at edges of ISPs. The participating routers, start there function after getting a signal from a server under attack. Our scheme is invoked only during attack times, and is able to mitigate attack traffic through dynamic filtering. Server instructs edge routers to rate limit the traffic according to the share of traffic which is being passed through particular edge router. The solution proposed is an ISP level solution which is practical enough to be implemented. We simulate the scheme in NS-2 in Linux System. We use an Internet type topology to test our scheme. Web and FTP traffic was generated to evaluate the effectiveness of scheme. Our scheme shows good improvement over static router throttling techniques which were proposed earlier. Hence we believe that the scheme proposed in this paper is a promising approach to stop DDoS attacks
Copyright © 2014 Praise Worthy Prize - All rights reserved.