Analysis of a Denial of Service Attack on TCP

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Christoph L. Schuba Articles by Ivan V. Krsul Articles by Markus G. Kuhn Articles by Eugene H. spafford Articles by Aurobindo Sundaram Articles by Diego Zamboni

1997 IEEE Symposium on Security and Privacy

Oakland, CA

May 04-May 07

ISBN: 0-8186-7828-3

	ASCII Text	x
	Christoph L. Schuba, Ivan V. Krsul, Markus G. Kuhn, Eugene H. spafford, Aurobindo Sundaram, Diego Zamboni, "Analysis of a Denial of Service Attack on TCP," Security and Privacy, IEEE Symposium on, pp. 0208, 1997 IEEE Symposium on Security and Privacy, 1997.

	BibTex	x
	@article{ 10.1109/SECPRI.1997.601338, author = {Christoph L. Schuba and Ivan V. Krsul and Markus G. Kuhn and Eugene H. spafford and Aurobindo Sundaram and Diego Zamboni}, title = {Analysis of a Denial of Service Attack on TCP}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {1997}, issn = {1540-7993}, pages = {0208}, doi = {http://doi.ieeecomputersociety.org/10.1109/SECPRI.1997.601338}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Analysis of a Denial of Service Attack on TCP SN - 1540-7993 SP EP A1 - Christoph L. Schuba, A1 - Ivan V. Krsul, A1 - Markus G. Kuhn, A1 - Eugene H. spafford, A1 - Aurobindo Sundaram, A1 - Diego Zamboni, PY - 1997 VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SECPRI.1997.601338

This paper analyzes a network-based denial of service attack for IP (Internet Protocol) based networks. It is popularly called SYN flooding. It works by an attacker sending many TCP (Transmission Control Protocol) connection requests with spoofed source addresses to a victim's machine. Each request causes the targeted host to instantiate data structures out of a limited pool of resources. Once the target host's resources are exhausted, no more incoming TCP connections can be established, thus denying further legitimate access.The paper contributes a detailed analysis of the SYN flooding attack and a discussion of existing and proposed countermeasures. Furthermore, we introduce a new solution approach, explain its design, and evaluate its performance. Our approach offers protection against SYN flooding for all hosts connected to the same local area network, independent of their operating system or networking stack implementation. It is highly portable, configurable, extensible, and requires neither special hardware, nor modifications in routers or protected end systems.

Citation:

Christoph L. Schuba, Ivan V. Krsul, Markus G. Kuhn, Eugene H. spafford, Aurobindo Sundaram, Diego Zamboni, "Analysis of a Denial of Service Attack on TCP," sp, pp.0208, 1997 IEEE Symposium on Security and Privacy, 1997

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.