TCP SYN Flooding Attacks and Common Mitigations

Eddy, Wesley M.

doi:10.17487/rfc4987

Cited by 203 publications

(132 citation statements)

References 5 publications

Supporting

Mentioning

127

Contrasting

Unclassified

Order By: Relevance

“…For example, TCP's "Nagle" algorithm [RFC1122] can be disabled, improving communication latency at the expense of more frequent --but still congestion controlled --packet transmissions. Another example is the TCP SYN cookie mechanism [RFC4987], which is available on many platforms. TCP with SYN cookies does not require a server to maintain per-connection state until the connection is established.…”

Section: Udp Usage Guidelinesmentioning

confidence: 99%

UDP Usage Guidelines

Shepherd¹,

Fairhurst²,

Eggert³

2017

View full text Add to dashboard Cite

show abstract

Section: Udp Usage Guidelinesmentioning

confidence: 99%

UDP Usage Guidelines

Shepherd¹,

Fairhurst²,

Eggert³

2017

View full text Add to dashboard Cite

show abstract

“…In practice, these trees are used for threat elicitation and analysis-representing threats at a high-level of abstraction-and have tended not to be used to capture low-level or concrete security configuration detail. For example, while a threat tree may identify a firewall countermeasure for a Denial of Service attack, a conventional threat tree is not effective, or intended to model, for example, distinctions between Syn-Proxy versus Syn-Threshold configurations [16] for a firewall in a subnet that is downstream from other similarly configured firewalls. In the latter case, much of the semantics of the threats and corresponding countermeasures are implicit and outside of the threat tree structure.…”

Section: Threat Treesmentioning

confidence: 99%

“…For example, while a threat tree may identify a firewall countermeasure for a Denial of Service attack, a threat tree is not effective, or intended to model low-level configuration details. For example, distinctions between SYN-proxy versus SYN-threshold configurations [16] for a firewall in a subnet downstream from other similarly configured firewalls. In the latter case much of semantics of the threats and corresponding countermeasures are implicit and outside of the threat tree structure.…”

Section: Introductionmentioning

confidence: 99%

Management of security policy configuration using a Semantic Threat Graph approach

Foley

Fitzgerald

2011

JCS

View full text Add to dashboard Cite

Managing the configuration of heterogeneous enterprise security mechanisms is a complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management based approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study based on Network Access Controls demonstrates how threats can be analysed and how automated configuration recommendations can be made based on catalogues of countermeasures. These countermeasures are drawn from best-practice standards, including NIST, IETF and PCI-DSS recommendations for firewall configuration.

show abstract

“…As a consequence, a NAC policy should prohibit incoming packets claiming to originate from the internal network. Similarly both [6,23] are examples of best practice with regard to mitigating DoS attacks. Countermeasures synDoSLimit and synDoSDrop introduced in Section 4 are examples of DoS catalogue countermeasures.…”

Section: Configuration Recommendation Synthesismentioning

confidence: 99%

“…In practice these trees are used for threat elicitation and analysis: representing threats at a high-level of abstraction and they tend not to be used to capture low-level or concrete security configuration detail. For example, while a threat tree may identify a firewall countermeasure for a Denial of Service attack, it is not advantageous/intended to model, for example, the distinctions between SYN-proxy versus SYN-threshold configurations [6] for a firewall in a sub-net that is downstream from other similarly configured firewalls. In the latter case much of semantics of the threats and countermeasures must be modeled implicitly and outside of the tree structure.…”

Section: Introductionmentioning

confidence: 99%

An Approach to Security Policy Configuration Using Semantic Threat Graphs

Foley

Fitzgerald

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

Abstract. Managing the configuration of heterogeneous enterprise security mechanisms is a wholly complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study on Network Access Controls demonstrates how threats can be analyzed and how automated configuration recommendations can be made based on catalogues of best-practice countermeasures.

show abstract

TCP SYN Flooding Attacks and Common Mitigations

Cited by 203 publications

References 5 publications

UDP Usage Guidelines

UDP Usage Guidelines

Management of security policy configuration using a Semantic Threat Graph approach

An Approach to Security Policy Configuration Using Semantic Threat Graphs

Contact Info

Product

Resources

About