NetFence: Preventing Internet Denial of Service from Inside Out

link: http://arxiv.org/abs/1009.0033
Abstract

Denial of Service (DoS) attacks frequently happen on the Internet, paralyzing
Internet services and causing millions of dollars of financial loss. This work
presents NetFence, a scalable DoS-resistant network architecture. NetFence uses
a novel mechanism, secure congestion policing feedback, to enable robust
congestion policing inside the network. Bottleneck routers update the feedback
in packet headers to signal congestion, and access routers use it to police
senders' traffic. Targeted DoS victims can use the secure congestion policing
feedback as capability tokens to suppress unwanted traffic. When compromised
senders and receivers organize into pairs to congest a network link, NetFence
provably guarantees a legitimate sender its fair share of network resources
without keeping per-host state at the congested link. We use a Linux
implementation, ns-2 simulations, and theoretical analysis to show that
NetFence is an effective and scalable DoS solution: it reduces the amount of
state maintained by a congested router from per-host to at most per-(Autonomous
System).
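The abstract describes a closed loop: a bottleneck router stamps authenticated congestion feedback into packet headers, the receiver returns that feedback to the sender, and the sender's access router polices the sender from it; a victim that withholds the token starves an unwanted sender. The Python below is an added toy model of that loop written for this page, not the paper's protocol or its Linux implementation. It assumes (as a simplification) that access and bottleneck routers share one HMAC key, that feedback is issued once per epoch, and that policing follows a simple additive-increase/multiplicative-decrease rule; the keys, host names and traffic demands are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption for this demo (not from the paper): access and bottleneck routers
# share one secret; a constructed key stands in for real key management.
ROUTER_KEY = b"constructed-demo-router-key"


@dataclass
class Feedback:
    """Congestion policing feedback carried in a packet header (simplified)."""
    src: str
    dst: str
    congested: bool
    epoch: int
    tag: bytes = b""


def tag_for(key: bytes, fb: Feedback) -> bytes:
    """MAC over the feedback fields so that end hosts cannot forge or alter it."""
    msg = f"{fb.src}|{fb.dst}|{int(fb.congested)}|{fb.epoch}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, fb: Feedback) -> bool:
    return hmac.compare_digest(tag_for(key, fb), fb.tag)


class BottleneckRouter:
    """Stamps feedback into packets; keeps no per-host state, only link capacity."""

    def __init__(self, key: bytes, capacity: int):
        self.key, self.capacity = key, capacity

    def forward(self, packets: list, epoch: int) -> list:
        congested = len(packets) > self.capacity   # offered load vs. capacity
        stamped = []
        for src, dst in packets:
            fb = Feedback(src, dst, congested, epoch)
            fb.tag = tag_for(self.key, fb)
            stamped.append(fb)
        return stamped


class AccessRouter:
    """Polices each attached sender from the feedback its receiver returns."""

    def __init__(self, key: bytes, start_rate: int, min_rate: int):
        self.key, self.start_rate, self.min_rate = key, start_rate, min_rate
        self.rate = {}         # sender -> allowed packets per epoch
        self.last_valid = {}   # sender -> epoch of the last authentic feedback

    def accept_feedback(self, sender: str, fb: Feedback) -> bool:
        if self.last_valid.get(sender) == fb.epoch:
            return True                       # already processed this epoch
        if fb.src != sender or not verify(self.key, fb):
            return False                      # forged, altered, or another flow's token
        self.last_valid[sender] = fb.epoch
        r = self.rate.get(sender, self.start_rate)
        # additive increase / multiplicative decrease driven only by authentic feedback
        self.rate[sender] = max(self.min_rate, r // 2) if fb.congested else r + 1
        return True

    def police(self, sender: str, demand: int, epoch: int) -> int:
        if self.last_valid.get(sender, -1) < epoch - 1:
            # No fresh token came back: the receiver did not ask for this traffic,
            # so the sender is held to the minimal rate (the capability use).
            return min(demand, self.min_rate)
        return min(demand, self.rate.get(sender, self.start_rate))


def simulate(flows: dict, demands: dict, echoing: set, epochs: int = 12, capacity: int = 10) -> dict:
    """Run the loop; `echoing` names senders whose receiver returns feedback. Returns last-epoch sends."""
    access = AccessRouter(ROUTER_KEY, start_rate=capacity, min_rate=1)
    bottleneck = BottleneckRouter(ROUTER_KEY, capacity)
    sent = {}
    for epoch in range(epochs):
        packets = []
        for s, d in flows.items():
            sent[s] = access.police(s, demands[s], epoch)
            packets += [(s, d)] * sent[s]
        for fb in bottleneck.forward(packets, epoch):
            if fb.src in echoing:   # receiver hands the token back to the sender's access router
                access.accept_feedback(fb.src, fb)
    return sent


def forged_feedback_rejected() -> bool:
    """A compromised sender claims 'not congested' with a made-up tag; it is ignored."""
    access = AccessRouter(ROUTER_KEY, start_rate=10, min_rate=1)
    fake = Feedback("M", "V", congested=False, epoch=3, tag=b"\x00" * 32)
    return not access.accept_feedback("M", fake)


if __name__ == "__main__":
    print("paired attacker, victim echoes all:", simulate({"A": "V", "M": "V"}, {"A": 4, "M": 100}, {"A", "M"}))
    print("victim withholds token from M:    ", simulate({"A": "V", "M": "V"}, {"A": 4, "M": 100}, {"A"}))
    print("forged feedback rejected:", forged_feedback_rejected())
```

Two things the run shows that the abstract only states: when a compromised sender and receiver cooperate (both echo feedback), the bottleneck still only ever sees link-level congestion, and the access-router policing keeps the legitimate sender A at or near its demand while bounding M; when the victim withholds the token, M is pushed down to the minimal rate without any per-host state at the bottleneck, because the only state it keeps is the shared key and its own capacity.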