Title :
Novel defense mechanism against SYN flooding attacks in IP networks
Author :
Chouman, Mohamad ; Safa, Haidar ; Artail, Hassan
Author_Institution :
American Univ. of Beirut
Abstract :
SYN flooding exploits the TCP three-way handshake process by sending many connection requests with spoofed source IP addresses to the victim. This keeps the victim from handling legitimate requests by causing it to populate its backlog queue with forged TCP connections. In this paper we propose a novel defense mechanism that makes use of the edge routers of the spoofed IP addresses networks. These edge routers determine whether the incoming SYN-ACK segment is valid or not by maintaining a matching table of the outgoing SYNs and incoming SYN-ACKs and also by using the ARP protocol. If the incoming SYN-ACK segment is not valid, the edge router resets the connection at the victim´s machine freeing up an entry in the victim´s backlog queue and enabling it to accept other legitimate incoming connection requests. The proposed mechanism introduces also a collaborative model to encourage various networks to protect each other. Implementation and test trials have shown the efficiency of the proposed mechanism
Keywords :
IP networks; routing protocols; transport protocols; IP networks; SYN flooding attacks; TCP three-way handshake process; backlog queue; defense mechanism; edge routers; Bandwidth; Collaboration; Computer crime; IP networks; Information security; Intelligent networks; Protection; Protocols; TCPIP; Web and internet services;
Conference_Titel :
Electrical and Computer Engineering, 2005. Canadian Conference on
Conference_Location :
Saskatoon, Sask.
Print_ISBN :
0-7803-8885-2
DOI :
10.1109/CCECE.2005.1557414
