ContactPerson: rc27@cse.buffalo.edu Remote host: ny-amherst-c4-1-bg4a-2-138.bflony.adelphia.net ### Begin Citation ### Do not delete this line ### %R 2003-09 %U /tmp/2003-09.pdf %A Chinchani, Ramkumar %A Pramanik, Suranjan %A Garg, Ashish %T Handling Failures and DOS Attacks Using Network Device Groups %D July 15, 2003 %I Department of Computer Science and Engineering, SUNY Buffalo %K Fault tolerant networking; Security %Y Reliability; Security %X With the growing popularity of the Internet and the falling prices of network devices, it is not unusual to find multiple network devices in a computer system. Technologies such as Internet connection sharing and NAT are commonly being used by end users to make network connectivity more viable. In this paper, we point out that this implicit redundancy can be used to achieve fault tolerance. It is known that network devices can be grouped to achieve failover support. However, the focus has been limited to localized factors and device failures. In the context of the Internet, security against DOS attacks also becomes an important issue. While the use of multiple network devices provides a good solution for device failure, it doesn t guarantee a good defense against DOS attacks. We show that computer systems can become tolerant to DOS attacks if some external factors are also taken into account. The main contribution of this paper is a systematic and comprehensive solution that makes a best effort to provide reliable network connectivity even when network device failures and DOS attacks occur. We have implemented and tested this technique in Linux and report our findings.