DocumentCode :
1828610
Title :
Intentional dropping: a novel scheme for SYN flooding mitigation
Author :
Al-Duwairi, B. ; Manimaran, G.
Author_Institution :
Dept. of Electr. & Comput. Eng., Iowa State Univ., Iowa City, IA, USA
Volume :
4
fYear :
2005
fDate :
13-17 March 2005
Firstpage :
2820
Abstract :
This paper presents a novel scheme to mitigate the effect of SYN flooding attacks. The scheme, called intentional dropping based filtering, is based on the observation of client's persistence (i.e., client's reaction to packet loss by subsequent retransmissions) which is very widespread as it is built in TCP's connection setup. The main idea is to intentionally drop the first SYN packet of each connection request. Subsequent SYN packet from a request is passed only if it adheres to the TCP's timeout mechanism. Our analysis shows that the proposed scheme reduces attacker's effective attack rate significantly with an acceptable increase in connection establishment latency.
Keywords :
Internet; routing protocols; telecommunication congestion control; telecommunication security; transport protocols; SYN flooding attack; TCP connection; intentional dropping based filtering; transmission control protocol; Access protocols; Bandwidth; Computer crime; Computer networks; Delay; Filtering; Floods; TCPIP; Traffic control; Web and internet services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE
ISSN :
0743-166X
Print_ISBN :
0-7803-8968-9
Type :
conf
DOI :
10.1109/INFCOM.2005.1498569
Filename :
1498569