Christoph Schuba scite author profile

This paper analyzes a network-based denial of service attack for IF (Inteme.t Protocol) The paper contributes a detailed analysis of the SYN flooding attack and a discussion of existing and proposed countermeasures. Furthermore, we introduce a new solution approach, explain its design, and evaluate its perfonnance. Our approach offers protection against SYN flooding for all hosts connected to the same local area network, independent of their operating system or networking stack implementation. It is highly portable, configurable, extensible, and neither requires special hardware, nor modifications in routers or protected end systems.attacks cun be launched with little effort. Presently, it is difficult to trace an attack uack to its originator.Several possible solutions to this attack have been proposed by others, und some implemented. We have developed an active monitoring tool that classifies IP source addresses with high probability as being falsified or genuine. Our approach finds connection establishment protocol messages that are coming from forged IP addresses, and takes actions to ensure that the resulting illegitimate half-open connections arc reset immediately. This paper is organized as follows. Section 2 describes backgroWld material, such as the IP and TCP protocols. Section 3 explains the SYN flooding attack. Section 4 discusses existing approaches to solve this problem, such as configuration improvements and firewall-based approaches. The technical details of our approach are described in Section 5, followed by a performance evaluation in Section 6. Sections 7 and B outline future work issues and present conclusions.

show abstract

Hybrid TCP-UDP transport for Web traffic

Cidon

Rom

Gupta

et al. 1999

View full text Add to dashboard Cite

Scaling network services using programmable network devices

et al. 2005

View full text Add to dashboard Cite

Enabling hierarchical and bulk-distribution for watermarked content

Caronni

Schuba

View full text Add to dashboard Cite

Firewalls fend off invasions from the Net

Lodin

Schuba

1998

IEEE Spectr.

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.