Abstract

Recent DDoS attacks against several web sites operated by SONY Playstation caused wide spread outage for several days, and loss of user account information. DDoS attacks by WikiLeaks supporters against VISA, MasterCard, and Paypal servers made headline news globally. These DDoS attack floods are known to crash, or reduce the performance of web based applications, and reduce the number of legitimate client connections/sec. TCP SYN flood is one of the common DDoS attack, and latest operating systems have some form of protection against this attack to prevent the attack in reducing the performance of web applications, and user connections. In this paper, we evaluated the performance of the TCP-SYN attack protection provided in Microsoft’s windows server 2003. It is found that the SYN attack protection provided by the server is effective in preventing attacks only at lower loads of SYN attack traffic, however this built-in protection is found to be not effective against high intensity of SYN attack traffic. Measurement results in this paper can help network operators understand the effectiveness of built-in protection mechanism that exists in millions of Windows server 2003 against one of the most popular DDoS attacks, namely the TCP SYN attack, and help enhance security of their network by additional means.

Highlights

  • When TCP/IP protocol suite was initially developed as a part of network research development by the United States Advanced Research Projects Agency (DARPA or ARPA) in 1970s [1], they were unaware of the security attacks

  • From the results presented in this paper, it is evident that the legitimate client connection rate is improved by the use of SYN attack protection

  • We evaluated the host based protection feature provided by Microsoft against TCP-SYN based DDoS attacks for its widely deployed Windows 2003 servers

Read more

Summary

Introduction

When TCP/IP protocol suite was initially developed as a part of network research development by the United States Advanced Research Projects Agency (DARPA or ARPA) in 1970s [1], they were unaware of the security attacks. There has always been some hacker community who have been trying to exploit security breaches of popular TCP/IP architecture. Whenever the hackers exploited the security breaches, the TCP/IP developer community tried to fix it by making some changes to the TCP/IP protocol suite. Recently Microsoft released a critical patch to TCP/IP on 8th September 2009 [2] This patch corresponds to the zero window size of the TCP packet after the three-way handshake is complete and time stamp code execution. A link can become established with any user whose details are unidentified to the server ahead of time This type of unbounded LISTEN is the target of SYN flooding attacks due to the way it is typically implemented by operating systems [3]

Three-Way Handshake
TCP SYN Flood Attack
SYN Attack Protection Performance
Findings
Conclusions

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.