Title :
Malicious packet dropping: how it might impact the TCP performance and how we can detect it
Author :
Zhang, Xiaobing ; Wu, Tsung-Li ; Fu, Zhi ; Tsung-Li Wu
Author_Institution :
Ericsson, Raleigh, NC, USA
Abstract :
Among various types of denial of service attacks, “dropping attack” is probably the most difficult one to handle. This paper explores the negative impacts of packet dropping attacks and a method to detect such attacks. First, three dropping patterns are classified and investigated. We demonstrate that attackers can choose different dropping patterns to degrade TCP service to different levels, and selectively dropping a very, small number of packets can result in severe damage to TCP performance. Second, we show that a hacker can utilize a DDoS attack tool to control a “uncompromised” router to emulate dropping attacks. This proves that dropping attacks are indeed practically very possible to happen in today´s Internet environment. Third, we present a statistical analysis module for the detection of TCP packet dropping attacks. Three measures, session delay, the position and the number of packet reorderings, have been implemented in the statistical module. This paper has evaluated and compared their detection performance
Keywords :
Internet; packet switching; statistical analysis; telecommunication security; transport protocols; Internet environment; TCP performance; denial of service attacks; detection performance; dropping attack; hacker; malicious packet dropping; packet reorderings; position; router; session delay; severe damage; statistical analysis module; Computer crime; Computer hacking; Counting circuits; Degradation; Delay; Internet; Position measurement; Quality of service; Statistical analysis; Statistics;
Conference_Titel :
Network Protocols, 2000. Proceedings. 2000 International Conference on
Conference_Location :
Osaka
Print_ISBN :
0-7695-0921-5
DOI :
10.1109/ICNP.2000.896310
