Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
IEEE Security and Privacy
| Hi-index | 0.00 |
Distributed denial-of-service (DDoS) attacks on public servers after 2000 have became a serious problem. In the DDoS attacks often seen recently, multiple distributed nodes concurrently attack a single server. To assure that essential network services will not be interrupted, faster and more effective defence mechanisms are needed to protect against malicious traffics, especially SYN floods. One of the problems in detecting SYN flood traffics is that server nodes or firewalls cannot distinguish the SYN packets of normal TCP connections from those of a SYN flood attack. Our method, FDFIX, relies on the use of monitoring and measurement techniques to evaluate the impact of denial-of-service (DoS) attacks. It uses flow-based measurements. Capturing flow information is very important for detecting DoS and other kinds of attacks. Flow monitoring allows detecting suspicious traffics, and in the next step can analyse attacking flows and the results can be used for defence methods. Our method provides required information for many mechanisms that use traffic measurement as its input.