Rabkin, Ari2007-04-042007-04-042007-03-08http://techreports.library.cornell.edu:8081/Dienst/UI/1.0/Display/cul.cis/TR2007-2076https://hdl.handle.net/1813/5767Protecting the bottleneck link of an internet services against denial of service attacks is a difficult problem. The NUTSS architecture can be used to protect the bottleneck link for private services whose authentication can be replicated, provided that a NAT can be installed at the upstream end of this link. This paper analyzes the proposed defense and argues that it has a low run-time cost and offers substantial security benefits.353578 bytesapplication/pdfen-UScomputer sciencetechnical reporttechnical report