DocumentCode
2028509
Title
Avoiding DDoS with active management of backlog queues
Author
Bellaïche, Martine ; Grégoire, Jean-Charles
Author_Institution
Genie Inf. et Genie Logiciel, Ecole Polytech. de Montreal, Montréal, QC, Canada
fYear
2011
fDate
6-8 Sept. 2011
Firstpage
310
Lastpage
315
Abstract
TCP (Transmission Control Protocol) is the dominant end-to-end transport protocol of the Internet, with a wide range of applications including Web, mail and peer-to-peer traffic. The TCP stack implements a "backlog queue" for new connections, which holds an entry for every client connection setup received by the server. If the TCP handshake is not completed, the pending half-open connection stays in the backlog queue until a time-out expires and, if that time-out value is too large, the half-open connection stays in the queue longer than necessary. We present a technique to assign and find a suitable connection-establishment time-out value that reduces the risk of the backlog queue overflowing during SYN flooding attacks. We evaluate from experimental traces that our technique can reduce the size of the backlog queue by up to 50% while preserving normal connections.
Keywords
Internet; peer-to-peer computing; queueing theory; telecommunication network management; telecommunication security; telecommunication traffic; transport protocols; DDoS avoidance; Internet; SYN flooding attacks; TCP stack; Web; backlog queue active management; connection-establishment time-out value; end to end transport protocol; mail; peer to peer traffic; transmission control protocol; Data structures; Delay; Electronic mail; Estimation; Histograms; Internet; Servers; Backlog Queue; SYN flooding attack; TCP Time-Out;
fLanguage
English
Publisher
ieee
Conference_Titel
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location
Milan
Print_ISBN
978-1-4577-0458-1
Type
conf
DOI
10.1109/ICNSS.2011.6060021
Filename
6060021