Novel defense mechanism against SYN flooding attacks in IP networks
| Field | Value |
|---|---|
| Published in | Canadian Conference on Electrical and Computer Engineering, 2005, pp. 2151-2154 |
| Format | Conference Proceeding |
| Language | English |
| Published | IEEE, 2005 |
| ISBN | 0780388852, 9780780388857 |
| ISSN | 0840-7789, 2576-7046 |
| DOI | 10.1109/CCECE.2005.1557414 |

Summary: SYN flooding exploits the TCP three-way handshake by sending many connection requests with spoofed source IP addresses to the victim. This keeps the victim from handling legitimate requests by causing it to fill its backlog queue with forged TCP connections. In this paper we propose a novel defense mechanism that makes use of the edge routers of the networks to which the spoofed IP addresses belong. These edge routers determine whether an incoming SYN-ACK segment is valid or not by maintaining a matching table of outgoing SYNs and incoming SYN-ACKs and also by using the ARP protocol. If the incoming SYN-ACK segment is not valid, the edge router resets the connection at the victim's machine, freeing up an entry in the victim's backlog queue and enabling it to accept other legitimate incoming connection requests. The proposed mechanism also introduces a collaborative model to encourage various networks to protect each other. Implementation and test trials have shown the efficiency of the proposed mechanism.