skip to main content
10.1145/1516241.1516279acmconferencesArticle/Chapter ViewAbstractPublication PagesicuimcConference Proceedingsconference-collections
research-article

Counteract SYN flooding using second chance packet filtering

Published: 15 February 2009 Publication History

Abstract

One barrier that hinders wired and wireless LAN, is the security problems caused by ubiquitous attackers. From the 4-layer protocol stack architecture in the Internet, the TCP layer seems to be vulnerable to flooding attacks, like the notorious Distributed Denial of Service (DDoS), due to 3-way handshaking mechanism defined in the connection-oriented TCP layer. In wireless LAN, the assaulting patterns from TCP-based DDoS have the similar destructive patterns as that in the wired Internet. In this article, we propose a feasible approach to alleviate the impact caused by TCP SYN Flooding. With the effective dual-queue application, the proposed Second Chance Packet Filtering (SCPF) scheme can efficiently decrease the probability of accepting bad frames, under the condition of not bothering the legal frames as possible, and therefore counteract the TCP SYN Flooding to an acceptable level. Although the proposed method cannot solve the TCP SYN Flooding problem completely, it still provides an efficient, cost-effective approach to mitigate the DDoS attacks for the legitimate users.

References

[1]
Aura T, Nikander P, and Leiwo J, in DOS-Resistant Authentication with Client Puzzles, Lecture Notes In Computer Science, vol. 2133, Springer-Verlag, pp. 170--177.
[2]
Chen Y. W, Hsiang K. S, and Hsieng T. Y, in Study on the Prevention of SYN Flooding by Using Traffic Policing, Proceedings of Network Operations and Management Symposium, Hawaii, Apr. 2000, pp. 593--604.
[3]
Fung C. K and Lee M. C, in A Denial-of-Service Resistant Public-key Authentication and Key Establishment Protocol, Proceedings of the 21st IEEE International Performance, Computing, and Communications Conference, Apr. 2002, pp. 171--178.
[4]
Geng X and Whinston A. B, in Defeating Distributed Denial of Service Attacks, IT Pro, July-August 2000, pp. 36--41.
[5]
Ferguson P and Senie D, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, RFC 2827.
[6]
Savage S, Karlin A and Anderson T, in Network Support for IP Traceback, IEEE/ACM Transactions on Networking, vol. 9, no. 3, pp. 226--237, June 2001.
[7]
Bellovin S, Leech M, and Taylor T, in ICMP Traceback Messages, Internet draft, Oct. 2001.
[8]
Lau F, Rubin S. H, Smith M. H, and Trajkovic L, in Distributed denial of service attacks, Proceedings of 2000 IEEE International Conference on Systems, Man, and Cybernetics, Mashville, TN, USA, Oct. 2000, pp. 2275--2280.
[9]
Packeteer, Detect and limit DoS attacks, white paper, http://support.packeteer.com/…/prevent-dos-attacks.html.
[10]
Cisco Systems, Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks, white paper, http://www.cisco.com/warp/…/newsflash.html, Feb. 2000.
[11]
Ahn G, Kim K, Jang J, in MF (Minority First) Scheme for defeating Distributed Denial of Service Attacks, Proceedings of the 8th IEEE international Symposium on Computers and Communications (ISCC 2003), Jul. 2003, pp. 1233--1238.
[12]
Wang H and Shin K. G, in Layer-4 service differentiation and resource isolation, Proceedings of the 8th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS 2002), Sep. 2002, San Jose, CA, USA, pp. 67--78.
[13]
Kim Y. H, Jo J. Y, Chao H. J, and Merat F, in High-Speed router filter for blocking TCP flooding under DDoS attack Performance, Proceedings of Performance, Computing, and Communications Conference 2003, Apr. 2003, pp. 183--190.
[14]
Keshav S, An Engineering Approach to Computer Networking: ATM Networks, the Internet, and the Telephone Network, Addison Wesley, 1997.

Cited By

View all
  • (2019)Anomaly Detection Sensors for a Modbus-Based Oil and Gas Well-Monitoring System2019 2nd International Conference on Data Intelligence and Security (ICDIS)10.1109/ICDIS.2019.00008(1-8)Online publication date: Jun-2019

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ICUIMC '09: Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication
February 2009
704 pages
ISBN:9781605584058
DOI:10.1145/1516241
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 February 2009

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. DDoS
  2. SYN flooding
  3. second chance packet filter
  4. security
  5. wireless LAN

Qualifiers

  • Research-article

Conference

ICUIMC '09
Sponsor:

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)2
  • Downloads (Last 6 weeks)0
Reflects downloads up to 13 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2019)Anomaly Detection Sensors for a Modbus-Based Oil and Gas Well-Monitoring System2019 2nd International Conference on Data Intelligence and Security (ICDIS)10.1109/ICDIS.2019.00008(1-8)Online publication date: Jun-2019

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media