Abstract

Microsoft server operating systems are generally assumed to include host-based security features that provide some protection against Distributed Denial of Service (DDoS) attacks. In this paper we present the results of experiments conducted to test the security capability of the latest Microsoft server operating system at the time of writing, Windows Server 2012 R2. The experiments were designed to evaluate its built-in security features when defending against a common DDoS attack, the TCP-SYN flood. Surprisingly, Windows Server 2012 R2 was found to lack sufficient host-based protection and was unable to withstand even a medium-intensity TCP-SYN flood of 3.1 Gbps. Under such an attack the server displayed a Blue Screen of Death (BSoD) and crashed within minutes.

Highlights

  • Nowadays, huge and long-lasting Distributed Denial of Service (DDoS) attacks as high as 600 Gbps are being observed against organizations and are making headline news frequently [1]

  • Network system security has been improved to a great extent through the development of technologies such as Intrusion Detection and Intrusion Prevention Systems, firewalls and proxies, and through the implementation of several strategies such as SYN cookies [8], packet filtering based on sender IP addresses, reducing the SYN-RECEIVED timer, recycling the oldest half-open Transmission Control Block (TCB) and the SYN cache [9], to name a few.

Summary

Introduction

Huge and long-lasting DDoS attacks as high as 600 Gbps are being observed against organizations and are making headline news frequently [1]. Network system security has been improved to a great extent through the development of technologies such as Intrusion Detection and Intrusion Prevention Systems, firewalls and proxies, and through the implementation of several strategies such as SYN cookies [8], packet filtering based on sender IP addresses, reducing the SYN-RECEIVED timer, recycling the oldest half-open Transmission Control Block (TCB) and the SYN cache [9], to name a few. Most of these prevention mechanisms are deployed externally to the server (for example, in an intrusion prevention system) to protect it against a TCP SYN flood, with varying results.

In the TCP three-way handshake, the client first sends a SYN segment and the server answers with a SYN-ACK, at which point the server already allocates a TCB for the half-open connection. In the third and final step, the sender sends an ACK packet to the receiver and allocates buffers and variables, following which the connection is set up [10]. This requirement that the receiver (server) allocate resources before the three-way handshake completes is what the TCP-SYN attack exploits. With an increasing number of SYN requests, the server keeps allocating resources, which keeps the victim server too occupied to handle the connection requests of legitimate users, leading to a denial of service (Figure 2).
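The exhaustion mechanism described above and three of the host-side mitigations listed in the introduction (a bounded half-open queue, recycling the oldest half-open TCB, and SYN cookies) can be compared in a small simulation. The Python model below is an added example written for this page; it is not code from the paper, from Windows Server 2012 R2 or from any real TCP stack. The listener, backlog size, SYN-RECEIVED timeout, flood size, the secret and the simplified cookie layout (a 5-bit time counter above a 27-bit keyed hash, rather than the exact layout any kernel uses) are all assumptions chosen for illustration, and the flood traffic is constructed inline.

```python
"""Added example: a toy TCP listener under a spoofed SYN flood, comparing
three host-side policies from the text. Not the paper's code, nor Windows'.
All parameters below are assumptions chosen for illustration."""
import hashlib
import hmac
from collections import OrderedDict

MASK32 = 0xFFFFFFFF
SECRET = b"constructed-demo-secret"  # assumption: per-boot server secret


def syn_cookie(src, sport, dport, t, secret=SECRET):
    """Stateless ISN: 5-bit time counter in the top bits, 27-bit keyed hash
    of the connection tuple and counter below (simplified cookie layout)."""
    msg = f"{src}:{sport}:{dport}:{t}".encode()
    h = int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")
    return ((t & 0x1F) << 27) | (h & 0x07FFFFFF)


def verify_cookie(src, sport, dport, ack, now, secret=SECRET, max_age=4):
    """The final ACK must carry cookie+1 for a counter value no older than
    max_age ticks; anything else (stale, forged, random) is rejected."""
    isn = (ack - 1) & MASK32
    for age in range(max_age + 1):
        t = now - age
        if (t & 0x1F) == isn >> 27 and syn_cookie(src, sport, dport, t, secret) == isn:
            return True
    return False


class Listener:
    """mode: 'tcb' (allocate per SYN, drop when backlog full),
    'recycle' (evict oldest half-open TCB), 'cookie' (allocate nothing)."""

    def __init__(self, mode, backlog=256, syn_recv_timeout=30.0, dport=80):
        self.mode, self.backlog, self.timeout, self.dport = mode, backlog, syn_recv_timeout, dport
        self.half_open = OrderedDict()   # (src, sport) -> (isn, time SYN-ACK sent)
        self.established = set()
        self.dropped_syns = 0
        self._next_isn = 1000

    def _expire(self, now):
        # SYN-RECEIVED timer: free TCBs whose peer never completed the handshake
        for key, (_, ts) in list(self.half_open.items()):
            if now - ts > self.timeout:
                del self.half_open[key]

    def on_syn(self, src, sport, now):
        """Return the ISN sent in the SYN-ACK, or None if the SYN was dropped."""
        self._expire(now)
        if self.mode == "cookie":
            return syn_cookie(src, sport, self.dport, int(now))  # no state kept
        if len(self.half_open) >= self.backlog:
            if self.mode == "recycle":
                self.half_open.popitem(last=False)  # oldest half-open TCB goes
            else:
                self.dropped_syns += 1
                return None
        self._next_isn = (self._next_isn + 64000) & MASK32
        self.half_open[(src, sport)] = (self._next_isn, now)
        return self._next_isn

    def on_ack(self, src, sport, ack, now):
        """Third handshake step; True if the connection becomes ESTABLISHED."""
        if self.mode == "cookie":
            ok = verify_cookie(src, sport, self.dport, ack, int(now))
        else:
            entry = self.half_open.pop((src, sport), None)
            ok = entry is not None and ack == (entry[0] + 1) & MASK32
        if ok:
            self.established.add((src, sport))
        return ok


def simulate(mode, flood_syns=5000, backlog=256):
    """Spoofed sources never answer, so their TCBs sit in SYN-RECEIVED until
    the timer fires; then one legitimate client tries a full handshake."""
    srv = Listener(mode, backlog)
    for i in range(flood_syns):  # constructed flood: 5000 SYNs over 5 s, distinct 4-tuples
        src = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        srv.on_syn(src, 40000 + i % 20000, now=i * 0.001)
    now = flood_syns * 0.001 + 0.1
    isn = srv.on_syn("192.0.2.10", 51515, now)
    accepted = isn is not None and srv.on_ack("192.0.2.10", 51515, (isn + 1) & MASK32, now + 0.05)
    return {"accepted": accepted, "dropped_syns": srv.dropped_syns,
            "half_open_tcbs": len(srv.half_open)}


if __name__ == "__main__":
    for mode in ("tcb", "recycle", "cookie"):
        print(mode, simulate(mode))
```

With the plain per-SYN allocation the 256-entry queue fills in the first quarter second and every later SYN, including the legitimate one, is dropped until the 30 s SYN-RECEIVED timer frees entries; recycling the oldest half-open TCB lets the legitimate client in, but only because its ACK arrives before its own entry is evicted, which stops being true as the flood rate rises; the cookie listener keeps no half-open state at all, so the flood costs it one hash per SYN and the legitimate handshake completes regardless of flood size. The price of the cookie, which this simplified layout does not hide, is that the server forgets the options carried in the SYN (MSS, window scale) unless it encodes them in the ISN as real stacks do. Production stacks combine such policies, and the paper's result is that whatever Windows Server 2012 R2 applies by default was not enough at 3.1 Gbps.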

Experimental Set Up
Evaluation
Conclusion
