Abstract
This paper proposes a new strategy for using proof-of-work (PoW) to mitigate certain Denial of Service attacks which rely on address spoofing. By requiring clients to include a very small PoW in their requests to establish new connections, servers can protect connection resources from spoofers who lack the processing power to compute sufficient proofs for each packet in their floods. We present a methodology for evaluating this system empirically in a network testbed.