The University of Southampton
University of Southampton Institutional Repository

Protecting TCP services from denial of service attacks


Farhat, Hikmat (2006) Protecting TCP services from denial of service attacks. In Proceedings of the 2006 SIGCOMM Workshop on Large-scale Attack Defense, LSAD'06. vol. 2006, pp. 155-160. (doi:10.1145/1162666.1162674).

Record type: Conference or Workshop Item (Paper)

Abstract

In this paper, we present a scheme that protects legitimate traffic from the large volume of attackers' packets during a DDoS attack. Legitimate packets can be recognized by the tokens they carry in the IP header. Obtaining a token does not require protocol additions or changes; rather, it is automatically obtained when a TCP connection is established. We believe that the Implicit Token Scheme (ITS) has numerous advantages: (1) It is totally transparent to clients. (2) No new protocols or modification of existing ones is needed to implement ITS. (3) Operations required by intermediate routers are computationally no more intensive than a couple of addition operations, which could easily be done at wire speed. (4) It does not lead to false positives. (5) It can sustain server availability even during attacks involving hundreds of thousands of attackers.

This record has no associated files available for download.

More information

Published date: 11 September 2006
Venue - Dates: ACM SIGCOMM 2006 - Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, Pisa, Italy, 2006-09-11 - 2006-09-15
Keywords: DDoS defense, Path identification, Syn cookie

Identifiers

Local EPrints ID: 492296
URI: http://eprints.soton.ac.uk/id/eprint/492296
PURE UUID: f4858a01-1863-4414-95be-ac41de04c397
ORCID for Hikmat Farhat: orcid.org/0000-0002-5043-227X

Catalogue record

Date deposited: 23 Jul 2024 17:12
Last modified: 24 Jul 2024 02:06

Contributors

Author: Hikmat Farhat
