Abstract

Recent DDoS attacks against several web sites operated by Sony PlayStation caused widespread outages for several days and the loss of user account information. DDoS attacks by WikiLeaks supporters against VISA, MasterCard, and PayPal servers made headline news globally. These DDoS attack floods are known to crash web-based applications or degrade their performance, and to reduce the number of legitimate client connections per second. The TCP SYN flood is one of the most common DDoS attacks, and current operating systems have some form of protection against it, intended to stop the attack from degrading the performance of web applications and the rate of user connections. In this paper, we evaluated the performance of the TCP SYN attack protection provided in Microsoft's Windows Server 2003. We found that the server's SYN attack protection is effective in preventing attacks only at lower loads of SYN attack traffic; this built-in protection is not effective against high-intensity SYN attack traffic. The measurement results in this paper can help network operators understand the effectiveness of the built-in protection mechanism present in millions of Windows Server 2003 systems against one of the most popular DDoS attacks, the TCP SYN attack, and help them enhance the security of their networks by additional means.

Highlights

  • When the TCP/IP protocol suite was initially developed as part of network research by the United States Advanced Research Projects Agency (DARPA or ARPA) in the 1970s [1], its designers were unaware of the security attacks that would later target it.

  • From the results presented in this paper, it is evident that the legitimate client connection rate is improved by the use of SYN attack protection.

  • We evaluated the host-based protection feature provided by Microsoft against TCP SYN based DDoS attacks for its widely deployed Windows Server 2003.

Summary

Introduction

When the TCP/IP protocol suite was initially developed as part of network research by the United States Advanced Research Projects Agency (DARPA or ARPA) in the 1970s [1], its designers were unaware of the security attacks that would later target it. There has always been a hacker community trying to exploit security weaknesses in the popular TCP/IP architecture. Whenever such weaknesses were exploited, the TCP/IP developer community tried to fix them by making changes to the protocol suite. Microsoft recently released a critical patch to TCP/IP on 8th September 2009 [2]. This patch addresses the handling of a zero window size in TCP packets after the three-way handshake is complete, and a timestamp code-execution issue. A connection can be established with any client whose identity is unknown to the server ahead of time. This type of unbounded LISTEN is the target of SYN flooding attacks because of the way it is typically implemented by operating systems [3].
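To make the mechanism behind that last sentence concrete, the following is an added, constructed simulation of a bounded half-open connection backlog under a SYN flood; it is not the paper's code or measurements, and it is not Windows Server 2003's actual algorithm. The model assumes a backlog of a fixed size, half-open entries that expire after a timeout, and an assumed "protection" rule (the names `simulate`, `compare`, `threshold` and `short_timeout` are ours) that shortens the hold time of new half-open entries once backlog occupancy passes a threshold. Attack SYNs never finish the handshake; legitimate SYNs finish one tick later. The output reproduces the qualitative finding reported in the abstract: protection restores the legitimate connection rate at a moderate SYN rate, but once attack SYNs alone exceed the backlog capacity every tick, legitimate clients are still starved.

```python
# Constructed half-open backlog model of a TCP SYN flood (added example; not the
# paper's code, and not Windows Server 2003's real implementation).
#
# Each tick, `attack_rate` SYNs arrive whose handshake never completes and
# `legit_rate` SYNs arrive whose final ACK returns after `legit_rtt` ticks.
# A SYN is admitted only while the half-open backlog has room; otherwise it is
# dropped. "Protection" is an assumed backlog-pressure rule: once occupancy
# reaches `threshold`, new half-open entries are held for `short_timeout`
# ticks instead of `timeout`, so slots held by attackers are reclaimed sooner.

def simulate(attack_rate, legit_rate, backlog_size=100, timeout=5, ticks=20,
             protect=False, threshold=50, short_timeout=1, legit_rtt=1):
    """Return the fraction of legitimate SYNs that complete the handshake."""
    backlog = []            # entries: (complete_tick or None, expiry_tick)
    legit_sent = 0
    legit_done = 0
    # Run `timeout` extra ticks with no arrivals so in-flight handshakes finish.
    for t in range(ticks + timeout):
        remaining = []
        for complete, expiry in backlog:
            if complete is not None and complete <= t:
                legit_done += 1         # final ACK arrived: connection accepted
            elif expiry <= t:
                pass                    # half-open entry timed out: slot reclaimed
            else:
                remaining.append((complete, expiry))
        backlog = remaining
        if t >= ticks:
            continue
        # Attack SYNs are processed before legitimate ones within a tick,
        # which is the pessimistic ordering for the server.
        arrivals = [False] * attack_rate + [True] * legit_rate
        for is_legit in arrivals:
            if is_legit:
                legit_sent += 1
            if len(backlog) >= backlog_size:
                continue                # backlog full: SYN silently dropped
            pressured = protect and len(backlog) >= threshold
            hold = short_timeout if pressured else timeout
            complete = t + legit_rtt if is_legit else None
            backlog.append((complete, t + hold))
    return legit_done / legit_sent if legit_sent else 1.0


def compare(attack_rates, legit_rate=10):
    """Legitimate completion fraction (unprotected, protected) per attack rate."""
    return {rate: (round(simulate(rate, legit_rate), 3),
                   round(simulate(rate, legit_rate, protect=True), 3))
            for rate in attack_rates}


if __name__ == "__main__":
    for rate, (plain, protected) in compare([0, 30, 200]).items():
        print(f"attack SYNs/tick={rate:4d}  unprotected={plain:.2f}  "
              f"protected={protected:.2f}")
```

With the defaults, 30 attack SYNs per tick held for 5 ticks demand 150 backlog slots against a capacity of 100, so without protection the backlog fills with half-open attacker entries after three ticks and legitimate clients are dropped thereafter; the shortened hold time under pressure keeps enough slots free for all legitimate SYNs. At 200 attack SYNs per tick the attackers alone refill the backlog every tick, and no hold-time policy inside the backlog can help, which is why an operator facing high-intensity floods needs measures beyond the host's built-in protection.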

Three-Way Handshake
TCP SYN Flood Attack
SYN Attack Protection Performance
Findings
Conclusions