DynaBone is a system for the rapid configuration, deployment, and management of protective layered overlays that both proactively and reactively resist distributed denial-of-service (DDOS) attacks.
DDOS attacks overload network connections at hosts and routers, often leaving administrators with no solution other than to disconnect the network. DynaBone automates this capability and makes it a viable alternative, by deploying parallel concurrent 'inner' overlays (innerlays) and a proactive/reactive multiplexer (PRM) to direct traffic among them.
DynaBone uses X-Bone's unique ability
to layer and compose these innerlays into a single 'outer' overlay (outerlay)
that presents an interface compatible with COTS applications and operating systems.
The result is a parallel set of innerlays, any subset of which can be disconnected
in response to attack while the outerlay continues to provide effective service
over the remaining innerlays.
Concurrent use of parallel innerlays provides redundancy that allows the overall network service to degrade gracefully even though any individual innerlay may fail completely or be disconnected due to an attack. This concurrency also provides alternate paths where traffic can be shifted to restore service, either by the use of alternate control and security algorithms, or via stronger algorithms with lower performance.
A mob attack necessitates a mob response. DynaBone provides multiple virtual targets, all of which must be simultaneously attacked to successfully deny service. A variety of network management (routing, DNS, etc.) and security algorithms are used in different innerlays, resulting in a set that is stronger than any individual component. The shifting of traffic to unaffected innerlays provides a moving target to hide from or actively avoid DDOS attacks.
The use of concurrent parallel innerlays allows concurrent use of different
network and security algorithms. By using all of these networks (per-packet
scatter), DynaBone makes the resulting outerlay (thus network connectivity)
more difficult to attack, providing proactive defense. When an innerlay is compromised,
by concerted DDOS attacks to its addresses or algorithms, that innerlay can
be removed from the scatter algorithm to provide reactive defense.
Like the X-Bone that it extends, DynaBone deploys these capabilities on demand, across administrative boundaries or among coalitions. A web-based GUI simplifies network deployment and management, and secure, fail-safe coordination automates configuration details.
Negative impact on attackers: DynaBone allows the network to disconnect innerlays under attack while retaining outerlay connectivity. Network disconnection can have a negative impact on attackers, by denying service at the layer being attacked, or by more advanced capabilities such as honeypots in the disabled overlays, or even traffic reflectors which redirect attacks back to the attacker. In a single network these techniques are infeasible because they disconnect the components being protected; DynaBone's redundant innerlays enable these responses.