By Topic

Novel defense mechanism against SYN flooding attacks in IP networks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Chouman, M. ; American Univ. of Beirut ; Safa, H. ; Artail, H.

SYN flooding exploits the TCP three-way handshake process by sending many connection requests with spoofed source IP addresses to the victim. This keeps the victim from handling legitimate requests by causing it to populate its backlog queue with forged TCP connections. In this paper we propose a novel defense mechanism that makes use of the edge routers of the spoofed IP addresses networks. These edge routers determine whether the incoming SYN-ACK segment is valid or not by maintaining a matching table of the outgoing SYNs and incoming SYN-ACKs and also by using the ARP protocol. If the incoming SYN-ACK segment is not valid, the edge router resets the connection at the victim's machine freeing up an entry in the victim's backlog queue and enabling it to accept other legitimate incoming connection requests. The proposed mechanism introduces also a collaborative model to encourage various networks to protect each other. Implementation and test trials have shown the efficiency of the proposed mechanism

Published in:

Electrical and Computer Engineering, 2005. Canadian Conference on

Date of Conference:

1-4 May 2005