Malicious packet dropping: how it might impact the TCP performance and how we can detect it

  • Authors:
  • Xiaobing Zhang; S. F. Wu; Zhi Fu; Tsung-Li Wu

  • Venue:
  • ICNP '00 Proceedings of the 2000 International Conference on Network Protocols
  • Year:
  • 2000

Abstract

Among the various types of denial-of-service attacks, the "dropping attack" is probably the most difficult one to handle. This paper explores the negative impacts of packet dropping attacks and a method to detect such attacks. First, three dropping patterns are classified and investigated. We demonstrate that attackers can choose different dropping patterns to degrade TCP service to different levels, and that selectively dropping a very small number of packets can result in severe damage to TCP performance. Second, we show that a hacker can utilize a DDoS attack tool to control an "uncompromised" router to emulate dropping attacks. This proves that dropping attacks are indeed practical in today's Internet environment. Third, we present a statistical analysis module for the detection of TCP packet dropping attacks. Three measures, namely session delay and the position and the number of packet reorderings, have been implemented in the statistical module. This paper evaluates and compares their detection performance.