In computing, a denial-of-service (DoS) attack or a distributed DoS (DDoS) attack (each referred to hereinafter as a “DoS” attack) is an attempt to make a host or other network resource unavailable to its intended users. Although the motives, the targets, and the means to implement an attack may vary, a DoS attack typically consists of attempts to interrupt services of a host connected to a network, such as the Internet.
In an effort to mitigate the risk of such attacks, access control nodes (ACNs), such as routers, may be interposed between an Internet point of presence (POP) and protected network hosts. Such ACNs may employ strategies such as Access Control Lists (ACLs) to filter network traffic, and static routes to a Null0 interface to divert inadmissible network traffic.
For example, using an ACL, an ACN, such as a router, may filter incoming network traffic by controlling whether routed packets are forwarded or blocked at the ACN's interfaces. The ACN examines a packet to determine whether to forward or drop the packet on the basis of the criteria specified within the ACL. ACL criteria may include the source address of the traffic, the destination address of the traffic, the upper-layer protocol, or other characteristics of the packet.
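The forward-or-drop decision described above can be modeled in a few lines. The following is an added illustration, not code from the original text: the rule set, addresses (documentation ranges), and the interface name `Gi0/1` are constructed, and it assumes top-down first-match evaluation with an implicit deny, an ACL applied before the route lookup, and longest-prefix matching for the Null0 static route.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    proto: str   # "tcp", "udp", "icmp", or "ip" (any upper-layer protocol)
    src: str     # source prefix (CIDR)
    dst: str     # destination prefix (CIDR)

    def matches(self, pkt):
        inside = lambda a, n: ipaddress.ip_address(a) in ipaddress.ip_network(n)
        return (self.proto in ("ip", pkt["proto"])
                and inside(pkt["src"], self.src)
                and inside(pkt["dst"], self.dst))

# Constructed ACL, evaluated top-down; the first matching rule decides.
ACL = [
    Rule("deny",   "ip",   "198.51.100.0/24", "0.0.0.0/0"),
    Rule("permit", "tcp",  "0.0.0.0/0",       "192.0.2.10/32"),
    Rule("permit", "icmp", "203.0.113.0/24",  "192.0.2.0/24"),
]

# Constructed static routes; a route to Null0 discards matching traffic.
ROUTES = {"192.0.2.0/24": "Gi0/1", "192.0.2.66/32": "Null0"}

def acl_decision(pkt, acl=ACL):
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # assumption: implicit deny when no rule matches

def egress_interface(dst, routes=ROUTES):
    """Longest-prefix match over the static routes."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def process(pkt):
    """Return the ACN's disposition of one packet."""
    if acl_decision(pkt) == "deny":
        return "drop (ACL)"
    iface = egress_interface(pkt["dst"])
    if iface is None:
        return "drop (no route)"
    return "drop (Null0)" if iface == "Null0" else f"forward via {iface}"
```

A packet the ACL permits can still be discarded by the more specific Null0 route, which is why the two mechanisms are checked in sequence here.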