International Journal of Computer Applications (0975 8887)
Advanced Computing and Communication Techniques for High Performance Applications (ICACCTHPA-2014)

A Proactive Approach towards DDoS Management in Shortest Path Bridging

Mensah Sitti
Anna University, Department of Computer Science and Engineering, Chennai, India

Gideon Naah
University of Electronic Science and Technology of China, Dept. of Electronic Engineering, Chengdu, China

Daniel Owusu-Donkor
Anna University, Dept. of Electronic and Communication Engineering, Chennai, India

ABSTRACT

Changes in technology have affected a large number of areas in the domain of Ethernet. Cloud computing has provided a new dimension for virtual LANs (VLANs) as well. These changes have helped shape the paradigm of computer networks as a whole and continue to be the backbone linking various datacenters. With the introduction of Shortest Path Bridging (approved by IEEE as 802.1aq), computer networks will gain a more refined and efficient way of getting things done. Distributed Denial of Service (DDoS), on the other hand, has affected computer systems and networks to a large degree, although solutions have been provided to contain the situation. Attackers typically exploit well-known vulnerabilities, many of which have readily available fixes. Complicating matters are the intrusion tools that are widely available. Intruders have automated the processes for discovering vulnerable sites, compromising them, installing daemons, and concealing the intrusion. Even security-conscious sites can suffer a denial of service because attackers can control other, more vulnerable computer systems and use them against the more secure site. The use of Shortest Path Bridging to manage a DDoS attack is intended not only to help contain the situation but also to provide a way out and render the attacker helpless.
This paper suggests ways that a victim computer can use to counter a DDoS attack, whether launched deliberately by an attacker or unintentionally. It helps to safeguard the user against unwarranted commands that might make a computer perform actions without the user being aware of them. The simulation was conducted on a Linux operating system using ns3, and the results obtained suggest a promising direction for further work on the use of IEEE 802.1aq Shortest Path Bridging in managing Distributed Denial of Service (DDoS).

Keywords
Shortest Path Bridging; DDoS Attack; Security-Conscious; VLAN; Ethernet; Intruders; STP

1. INTRODUCTION

The need for a dependable and proficient source of information in today's global village is becoming imperative, especially at a time when organizations want to gain a reasonable advantage over other firms in business. The days of the traditional way of doing business and filing different kinds of documents in file cabinets are gradually becoming a thing of the past. All of these have been converted into electronic sources from which users can easily replicate thousands of copies and distribute them to all stakeholders. More importantly, with the emergence of cloud and online working documents, students, workers and associates can seamlessly see what other colleagues are doing on a particular document at any time, irrespective of the distance involved.

Simple switched Ethernet networks, while a great improvement over repeater-based Ethernet, suffer from single points of failure, attacks that trick switches or hosts into sending data to a machine even if it is not intended for it, scalability and security issues with regard to broadcast radiation and multicast traffic, and bandwidth choke points where a lot of traffic is forced down a single link [1].
Advanced networking features in switches and routers combat these issues through means including the spanning-tree protocol, which maintains the active links of the network as a tree while allowing physical loops for redundancy; port security and protection features such as MAC lock-down and broadcast radiation filtering; virtual LANs to keep different classes of users separate while using the same physical infrastructure; multilayer switching to route between different classes; and link aggregation to add bandwidth to overloaded links and to provide some measure of redundancy [1].

IEEE 802.1aq Shortest Path Bridging (SPB) includes the use of the link-state routing protocol IS-IS to allow larger networks with shortest-path routes between devices [1]. It is intended to simplify the creation and configuration of networks while enabling multipath routing [2]. IEEE 802.1aq is the replacement for the older Spanning Tree Protocols (IEEE 802.1D STP, IEEE 802.1w RSTP, IEEE 802.1s MSTP), which permitted only a single path toward the root bridge and blocked any redundant paths that could result in a layer 2 loop. IEEE 802.1aq allows all paths to be active with multiple equal-cost paths, provides much larger layer 2 topologies (up to 16 million compared to the 4096 VLAN limit) [3], offers faster convergence times, and improves the use of mesh topologies through increased bandwidth and redundancy between all devices by allowing traffic to load-share across all paths of a mesh network [4].

Denial-of-service (DoS) attacks have been launched against Internet sites for years. They are a significant problem because they can shut an organization off from the Internet and because there is no comprehensive solution for protecting a site or recovering from a denial of service. Denial of service is accomplished technologically; the primary goal of an attack is to deny the victim(s) access to a particular resource.
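The contrast drawn above between the spanning-tree protocols and SPB (one forwarding path toward the root with redundant links blocked, versus all equal-cost paths active) can be made concrete with a small model. The following Python is an added illustration and is not code from the paper or from any SPB implementation; it simplifies both protocols to their path-selection outcome on a constructed leaf/spine topology (names S1..S3, L1..L3 and the unit link costs are made-up sample data). The "STP" model keeps, for every bridge, exactly one lowest-cost link toward the root (ties broken by lowest bridge name, standing in for bridge ID); the "SPB" model collects every equal-cost shortest path, which is what IS-IS-based shortest-path forwarding would load-share across.

```python
from collections import defaultdict, deque
import heapq

# Constructed sample topology: three spine bridges, three leaf bridges,
# every leaf linked to every spine, all link costs 1 (nine links in total).
LEAF_SPINE_LINKS = [
    (leaf, spine, 1)
    for leaf in ("L1", "L2", "L3")
    for spine in ("S1", "S2", "S3")
]


def build_graph(links):
    """Undirected weighted adjacency map from (a, b, cost) tuples."""
    graph = defaultdict(dict)
    for a, b, cost in links:
        graph[a][b] = cost
        graph[b][a] = cost
    return graph


def dijkstra_all_preds(graph, source):
    """Dijkstra that records every predecessor lying on an equal-cost shortest path."""
    dist = {source: 0}
    preds = defaultdict(set)
    heap = [(0, source)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, cost in graph[u].items():
            nd = d + cost
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                preds[v] = {u}          # strictly better: reset the predecessor set
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                preds[v].add(u)         # equal cost: keep this path as well (ECMP)
    return dist, preds


def spb_equal_cost_paths(graph, source, target):
    """All equal-cost shortest paths; SPB keeps every one of them active."""
    dist, preds = dijkstra_all_preds(graph, source)
    if target not in dist:
        return []

    def walk(node):
        if node == source:
            return [[source]]
        return [p + [node] for pred in sorted(preds[node]) for p in walk(pred)]

    return walk(target)


def stp_active_links(graph, root):
    """Spanning-tree outcome: each non-root bridge keeps one root-facing link,
    chosen by lowest cost and then lowest bridge name; every other link is blocked."""
    _, preds = dijkstra_all_preds(graph, root)
    return {frozenset((min(preds[node]), node)) for node in graph if node != root}


def stp_forwarding_path(active_links, source, target):
    """The single path STP leaves between two bridges (BFS over the tree's links)."""
    adj = defaultdict(set)
    for link in active_links:
        a, b = tuple(link)
        adj[a].add(b)
        adj[b].add(a)
    parent = {source: None}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        if u == target:
            break
        for v in sorted(adj[u]):
            if v not in parent:
                parent[v] = u
                queue.append(v)
    if target not in parent:
        return []
    path, node = [], target
    while node is not None:
        path.append(node)
        node = parent[node]
    return path[::-1]


def compare_stp_spb(links, root, source, target):
    """Summarise how many links each scheme forwards on and how many paths it offers."""
    graph = build_graph(links)
    tree = stp_active_links(graph, root)
    return {
        "total_links": len(links),
        "stp_active_links": len(tree),
        "stp_blocked_links": len(links) - len(tree),
        "stp_path": stp_forwarding_path(tree, source, target),
        "spb_paths": spb_equal_cost_paths(graph, source, target),
    }


if __name__ == "__main__":
    for key, value in compare_stp_spb(LEAF_SPINE_LINKS, "S1", "L1", "L2").items():
        print(f"{key}: {value}")
```

On the sample topology the spanning-tree model blocks four of the nine links and leaves a single L1-S1-L2 path, while the equal-cost model finds three active paths (one through each spine), which is the bandwidth and redundancy gain the text attributes to IEEE 802.1aq over the 802.1D/w/s family. The model deliberately omits IS-IS adjacency formation and SPB's tie-breaking for symmetric paths; it shows the forwarding outcome only.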
It is an explicit attempt by attackers to prevent legitimate users of a computer-related service from using that service. But, as with any information and network security issue, combating denial of service is primarily an exercise in risk management. To mitigate the risk, an administrator needs to make business decisions as well as technical decisions. Managing the risks posed by denial of service requires a multi-pronged approach, such as:
Design the business for survivability.
Have business continuity provisions in place [5].