Conference Topic

DEFENDING AGAINST TCP SYN FLOODING WITH A NEW KIND OF SYN-AGENT

TCP-based flooding is a common form of Denial-of-Service (DoS) attack that abuses network resources and may pose a serious threat to the network. The SYN flood attack is a DoS method that forces hosts to retain connections in the half-open state and exhausts their memory resources. This attack is hard for routers to filter when the source IP address is always spoofed. There are some common ways to defend against this attack, but all of them either require a high-performance firewall or trade time for space. In this paper, we propose a method to build a new kind of syn-agent that uses the reserved flag bits of the TCP header to notify the server of a complete three-way TCP handshake. First, the syn-agent, instead of the real server, answers the client with an ACK after receiving a SYN packet from the client. If it is a SYN attack, there will be no further ACKs after this, and after a given short period the half-open TCP socket is deleted from the agent. If it is a real connection request, then once the third handshake packet has arrived, the agent sets the reserved bit in the TCP header to 1 and routes the packet to the real server. When the server receives a packet with the reserved bits set to 1, it directly allocates memory for the connection and begins to communicate.
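The agent behaviour described in the abstract, as an added Python example that is not the paper's own code. Packets are modelled as dicts; the reserved-bit mask, the timeout value, the SYN-ACK reply and the check of the ACK number against the agent's sequence number are assumptions, since the abstract does not specify them.

```python
import secrets

RESERVED_BIT = 0x1       # assumption: the abstract does not say which reserved bit
HALF_OPEN_TIMEOUT = 3.0  # assumption: the "given short period", in seconds

class SynAgent:
    def __init__(self):
        self.half_open = {}  # (src_ip, src_port) -> (agent_isn, created_at)

    def expire(self, now):
        # Delete half-open entries older than the timeout; return how many.
        stale = [k for k, (_, t) in self.half_open.items() if now - t > HALF_OPEN_TIMEOUT]
        for k in stale:
            del self.half_open[k]
        return len(stale)

    def on_packet(self, pkt, now):
        """Return ("reply", pkt) for the client, ("forward", pkt) for the server, or ("drop", None)."""
        self.expire(now)
        key = (pkt["src"], pkt["sport"])
        if pkt["flags"] == "SYN":  # the agent, not the server, answers the SYN
            isn = secrets.randbits(32)
            self.half_open[key] = (isn, now)
            return "reply", {"dst": key[0], "dport": key[1], "flags": "SYN-ACK", "seq": isn}
        if pkt["flags"] == "ACK" and key in self.half_open:
            isn = self.half_open[key][0]
            # Assumption: the ACK must acknowledge the agent's own sequence number.
            if pkt.get("ack") == (isn + 1) % 2**32:
                del self.half_open[key]
                return "forward", dict(pkt, reserved=RESERVED_BIT)
        return "drop", None

def server_accept(connections, pkt):
    # Server side: allocate connection state only for packets the agent marked.
    if pkt.get("reserved", 0) & RESERVED_BIT:
        connections.add((pkt["src"], pkt["sport"]))

def simulate():
    """Constructed traffic: 1000 spoofed SYNs that never complete, plus one real client."""
    agent, connections = SynAgent(), set()
    for i in range(1000):
        agent.on_packet({"src": f"198.51.100.{i % 250}", "sport": 1024 + i, "flags": "SYN"}, now=0.0)
    _, synack = agent.on_packet({"src": "192.0.2.10", "sport": 40000, "flags": "SYN"}, now=0.5)
    ack = {"src": "192.0.2.10", "sport": 40000, "flags": "ACK", "ack": (synack["seq"] + 1) % 2**32}
    action, fwd = agent.on_packet(ack, now=0.6)
    if action == "forward":
        server_accept(connections, fwd)
    pending = len(agent.half_open)
    dropped = agent.expire(now=10.0)
    return pending, dropped, len(connections), len(agent.half_open)
```

In `simulate()`, the server ends up holding state for the single completed handshake only, while the 1000 half-open entries live in the agent and are removed once the timeout passes.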

DoS; SYN flooding; syn-agent

PI-E LIU ZHONG-HUA SHENG

School of Computer Science and Technology, Harbin University of Science and Technology, Harbin 15000 School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China

International conference

2008 International Conference on Machine Learning and Cybernetics

Kunming

English

1218-1221

2008-07-12 (date first made available online on the Wanfang platform; this does not represent the paper's publication date)