Denial of Service Protection with Beaver

Gal Badishi, Amir Herzberg, Idit Keidar, Oleg Romanov, Avital Yachin

Research output: Contribution to journalConference articlepeer-review

3 Scopus citations


We present Beaver, a method and architecture to “build dams” to protect servers from Denial of Service (DoS) attacks. Beaver allows efficient filtering of DoS traffic using low-cost, high-performance, readily-available packet filtering mechanisms. Beaver improves on previous solutions by not requiring cryptographic processing of messages, allowing the use of efficient routing (avoiding overlays), and establishing keys and state as needed. We present two prototype implementations of Beaver, one as part of IPSec in a Linux kernel, and a second as an NDIS hook driver on a Windows machine. Preliminary measurements illustrate that Beaver withstands severe DoS attacks without hampering the client-server communication. Moreover, Beaver is simple and easy to deploy.

Original languageEnglish
JournalDagstuhl Seminar Proceedings
StatePublished - 2007
EventFrom Security to Dependability 2006 - Wadern, Germany
Duration: 10 Sep 200615 Sep 2006

Bibliographical note

Publisher Copyright:
© 2007 Dagstuhl Seminar Proceedings. All rights reserved.


Dive into the research topics of 'Denial of Service Protection with Beaver'. Together they form a unique fingerprint.

Cite this