The Assignment

There will be only one assignment this semester. The submission deadline is 5 pm, Friday 21st March, 2025.

Topic

You must write a technical report to evaluate the Linux kernel tools available to defend against Distributed Denial of Service (DDoS) attacks.

A clear explanation of the most common attack types is provided on the Cloudflare website (under the heading “Common DDoS attacks”).

Note that after describing mitigation strategies for each type of attack, the Cloudflare defence is described - other service providers are available.

The two solutions you should explore are Netfilter (c. slide 113 of the lecture notes) and eBPF.

Description

Pick one of the categories of attack listed in the link above, and describe how Netfilter and eBPF can be used to defend against such attacks, comparing the two approaches.

Your proposed solution can be either:

  1. Working code in the form of a loadable module or eBPF script that mitigates the DDoS attack
    • In this case, choose one of the easier attacks to mitigate, e.g., the Ping attack

  2. A “paper” solution where you describe the specification of your mitigation strategy in sufficient detail that a programmer could convert it into code
    • In this case, you should select a more challenging class of attack, as otherwise there will be little content in your specification

In the event that you develop a working Netfilter solution for an unsophisticated attack, but fail to get anything to work using eBPF, describe the difficulties you encountered and include them in your comparison of Netfilter and eBPF. Getting code to work is great, but a well-documented but failed attempt can also have value (e.g., this test).

In your report, be sure to describe the background to your approach (describe the class of attack, summarise the capabilities of Netfilter and eBPF that you will use, and any prior work on which your approach is based). If you get code to work (or try to, but do not succeed), document your test strategy. If your solution is on paper, make sure to include a test strategy in your description.

Bear the marking scheme in mind when deciding how to spend your time on the assignment - a working but poorly documented solution will garner few marks because there will be no evidence of its success.

You are invited to discuss approaches to solving the problem on the blog (and marks will be awarded for doing so) but your work and your report must be your own. If you are unclear on the boundary between appropriate discussion of general principles and excessive collaboration on what is supposed to be a solo assignment, ask me for clarification of the specific issue via the blog.

Do not paste graphics into your report without attribution. That constitutes plagiarism. Any figures should be your own work.

Report

Maximum 15 A4 pages, not including the list of references, or any appendices containing code or algorithm descriptions. A short but well-written report will score highly on writing style - do not feel compelled to write that many pages if you can write a more concise report. The document structure (section titles, etc.) is your own choice, but bear the marking scheme in mind.

Marking Scheme

Mark Distribution

  Element                                                                          Mark (%)
  Background Knowledge and Literature Survey                                       25%
  Technical Merit of Proposed Solutions (code/pseudocode/algorithm description)    25%
  Description and Analysis of Solutions                                            15%
  Conclusions                                                                      10%
  Quality of Referencing and Citations                                             10%
  Writing Style and Report Quality                                                 15%
  Total                                                                            100%

Assistance

Seek assistance via the blog (and offer assistance if you can) but remember that your code, algorithm and report must be your own work.

Submission

Submission instructions:

Reports must be submitted electronically using Loop. See link at the foot of this page.

  • Your report must be uploaded in PDF format.

  • Make sure that the name of the file includes your name and student number (e.g., “S2 Assignment - Joe Bloggs - 12345678.pdf”).

  • Ensure that any fonts used by your report are embedded in the PDF file.
    • In Word, if saving as PDF, you need to verify that the option “ISO 19005-1 compliant (PDF/A)” is enabled.

    • Google how to do this for your particular version of Word.

  • Do NOT zip, tar, or otherwise compress files before uploading.

  • A copy of each of your source code files (if any) in plain text format should also be uploaded.
    • Make sure that your name appears in the comments at the start of each file

    • Information should be provided on how to compile, link or otherwise produce executable code from your source code.

All reports must be accompanied by a signed cover page. No marks will be awarded to any unsigned report.

Resit Assignment

Details to follow