The Internet has become a primary communication channel for the world, as it continues to grow in traffic volumes and reach. The types of applications supported over the Internet are also changing, from basic applications such as web browsing to applications with real-time constraints such as Internet Protocol (IP) telephony. The increased reliance on the Internet has also raised the risk that a single attack or failure could seriously disrupt communications. In particular, an attacker can potentially disable a network by flooding it with traffic. Such attacks are known as bandwidth-based distributed denial-of-service (DDoS) attacks. DDoS protection is based on coarse-grain traffic anomalies detection. Traceback techniques can be used to identify the attack source. After detecting the source of the DDoS attack, the DDoS traffic can be blocked at the ingress point by configuring access control lists or by using DDoS scrubbing devices.
The use of the same reference symbols in different drawings indicates similar or identical items.