This talk presents a comparison study on the effectiveness of filter-based and capability-based DoS defense systems. We describe the design and implementation of TVA, a capability-based DoS defense system, and StopIt, a filter-based one. We then compare them under simulated DoS attacks of various types and scales. Our results suggest that both filters and capabilities are highly effective DoS defense mechanisms, but neither is more effective than the other in all types of DoS attacks.
Copyright. All Rights Reserved.