One barrier that hinders wired and wireless LANs is the security problems caused by ubiquitous attackers. In the 4-layer protocol stack architecture of the Internet, the TCP layer appears vulnerable to flooding attacks, such as the notorious Distributed Denial of Service (DDoS), because of the 3-way handshake mechanism defined in the connection-oriented TCP layer. In wireless LANs, TCP-based DDoS attacks show destructive patterns similar to those in the wired Internet. In this article, we propose a feasible approach to alleviate the impact of TCP SYN Flooding. By applying a dual queue, the proposed Second Chance Packet Filtering (SCPF) scheme can efficiently decrease the probability of accepting bad frames while disturbing legitimate frames as little as possible, and thereby counteract TCP SYN Flooding to an acceptable level. Although the proposed method cannot solve the TCP SYN Flooding problem completely, it still provides an efficient, cost-effective approach to mitigating DDoS attacks for legitimate users.