Title :
Avoiding DDoS with active management of backlog queues
Author :
Bellaïche, Martine ; Grégoire, Jean-Charles
Author_Institution :
Computer Eng. and Software Eng., Ecole Polytech. de Montreal, Montréal, QC, Canada
Abstract :
TCP (Transmission Control Protocol) is the dominant end-to-end transport protocol of the Internet, with a wide range of applications including Web, mail and peer-to-peer traffic. The TCP stack implements a “backlog queue” for new connections, which contains an entry for every client's connection setup received by the server. If the TCP handshake is not completed, the pending half-open connection stays in the backlog queue until a time-out expires and, if that time-out value is too large, the half-open connection occupies a queue slot longer than necessary. We present a technique to assign and find a suitable connection-establishment time-out value that reduces the risk of backlog queue overflow under SYN flooding attacks. We evaluate on experimental traces that our technique can reduce the backlog queue size by up to 50% while preserving normal connections.
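As an added illustration of the mechanism the abstract describes, the following Python simulation replays a constructed trace of legitimate and attack SYNs against a bounded backlog queue and compares a long fixed connection-establishment time-out with one estimated from a histogram of observed handshake completion times. This is example code written for this page, not the authors' implementation: the histogram/quantile estimator, the log-normal client latency distribution, the arrival rates, the 60 s fixed time-out and the 256-entry capacity are all assumptions, and the paper's own estimator is not described in the abstract.

```python
"""Discrete-event simulation of a TCP backlog queue under a SYN flood.

Constructed example (not the authors' code). The workload, the client
latency distribution, the queue capacity and the time-out estimator are
all assumptions made for illustration.
"""
import heapq
import math
import random
from collections import Counter

LEGIT_MEDIAN_LATENCY = 0.1  # assumed median SYN -> final ACK time, seconds
LEGIT_SIGMA = 0.5           # assumed log-normal spread of that latency


def sample_legit_latency(rng):
    """Assumed distribution of handshake completion time for real clients."""
    return rng.lognormvariate(math.log(LEGIT_MEDIAN_LATENCY), LEGIT_SIGMA)


def estimate_timeout(latencies, bin_width=0.01, quantile=0.99, margin=2.0):
    """Histogram-based estimate (assumed estimator): upper edge of the first bin
    at which the cumulative fraction of observed completion times reaches
    `quantile`, scaled by a safety margin. Only completed handshakes are fed
    in, so attack SYNs that never complete cannot inflate the estimate."""
    hist = Counter(math.floor(x / bin_width) for x in latencies)
    seen = 0
    for b in sorted(hist):
        seen += hist[b]
        if seen / len(latencies) >= quantile:
            return (b + 1) * bin_width * margin
    raise ValueError("empty trace")


def make_trace(duration, legit_rate, attack_rate, rng):
    """Constructed workload: Poisson SYN arrivals. Legitimate clients send the
    final ACK after a sampled latency; attacker SYNs never complete."""
    events, conn, t = [], 0, 0.0
    while True:
        t += rng.expovariate(legit_rate)
        if t > duration:
            break
        events.append((t, "syn", conn, True))
        events.append((t + sample_legit_latency(rng), "ack", conn, True))
        conn += 1
    t = 0.0
    while True:
        t += rng.expovariate(attack_rate)
        if t > duration:
            break
        events.append((t, "syn", conn, False))
        conn += 1
    events.sort()
    return events


def simulate(events, timeout, capacity):
    """Replay the trace against a backlog queue of `capacity` half-open slots,
    each expiring `timeout` seconds after its SYN. Returns occupancy/loss stats."""
    pending, expiry_heap = {}, []
    stats = {"peak": 0, "legit_total": 0, "legit_completed": 0, "legit_refused": 0}
    for t, kind, conn, legit in events:
        while expiry_heap and expiry_heap[0][0] <= t:  # drop timed-out entries
            _, c = heapq.heappop(expiry_heap)
            pending.pop(c, None)
        if kind == "syn":
            stats["legit_total"] += int(legit)
            if len(pending) >= capacity:            # queue overflow: SYN refused
                stats["legit_refused"] += int(legit)
                continue
            pending[conn] = t + timeout
            heapq.heappush(expiry_heap, (t + timeout, conn))
            stats["peak"] = max(stats["peak"], len(pending))
        elif pending.pop(conn, None) is not None:   # ACK matched a live entry
            stats["legit_completed"] += 1
    # legitimate SYNs that were queued but whose ACK came after the time-out
    stats["legit_expired"] = (stats["legit_total"] - stats["legit_completed"]
                              - stats["legit_refused"])
    return stats


def compare(fixed_timeout=60.0, capacity=256, duration=60.0, seed=7):
    """Estimate the time-out from a normal-traffic trace, then replay one
    flooded trace with the fixed and the estimated time-out."""
    rng = random.Random(seed)
    baseline = [sample_legit_latency(rng) for _ in range(2000)]  # normal traffic
    adaptive = estimate_timeout(baseline)
    events = make_trace(duration, legit_rate=20.0, attack_rate=40.0, rng=rng)
    return {"adaptive_timeout": adaptive,
            "fixed": simulate(events, fixed_timeout, capacity),
            "adaptive": simulate(events, adaptive, capacity)}


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

With the fixed 60 s time-out no attack entry expires within the run, so the queue saturates after roughly capacity / attack_rate seconds and most later legitimate SYNs are refused; with the estimated time-out the attack entries are evicted after well under a second and the queue never approaches capacity. The estimate is taken from observed completion times precisely because a time-out chosen too short turns slow but legitimate clients into losses, which is the trade-off the abstract's "while preserving normal connections" refers to. In production, shortening the time-out is one lever among others (SYN cookies are the usual complementary defence), and this toy model ignores retransmitted SYN-ACKs.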
Keywords :
Internet; peer-to-peer computing; queueing theory; telecommunication network management; telecommunication security; telecommunication traffic; transport protocols; DDoS avoidance; Internet; SYN flooding attacks; TCP stack; Web; backlog queue active management; connection-establishment time-out value; end to end transport protocol; mail; peer to peer traffic; transmission control protocol; Data structures; Delay; Electronic mail; Estimation; Histograms; Internet; Servers; Backlog Queue; SYN flooding attack; TCP Time-Out;
Conference_Titel :
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location :
Milan
Print_ISBN :
978-1-4577-0458-1
DOI :
10.1109/ICNSS.2011.6060021