论文信息 - Defenses Against TCP SYN Flooding Attacks

Defenses Against TCP SYN Flooding Attacks

Internet security and stability are topics we keep returning to in this journal. So far we have mainly focused on technologies that protect systems from unauthorized access and ensure that data in transit over wired or wireless networks cannot be intercepted. We have discussed security-enhanced versions of many of the Internet core protocols, including the Border Gateway Protocol (BGP), Simple Network Management Protocol (SNMP), and the Domain Name System (DNS). You can find all these articles by visiting our Website and referring to our index files. All back issues continue to be available in both HTML and PDF formats. In this issue, Wesley Eddy explains a vulnerability in the Transmission Control Protocol (TCP) in which a sender can overwhelm a receiver by sending a large number of SYN protocol exchanges. This form of Denial of Service attack, known as SYN Flooding, was first reported in 1996, and researchers have developed several solutions to combat the problem.

W. Eddy

[1] Andrew S. Tanenbaum,et al. Structured Computer Organization , 1976 .

[2] G. Grisetti,et al. Further Reading , 1984, IEEE Spectrum.

[3] Michael John Sebastian Smith,et al. Application-specific integrated circuits , 1997 .

[4] Markus G. Kuhn,et al. Analysis of a denial of service attack on TCP , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[5] Pekka Nikander,et al. Stateless connections , 1997, ICICS.

[6] Paul Ferguson,et al. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[7] Pekka Nikander,et al. DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[8] Jonathan Lemon,et al. Resisting SYN Flood DoS Attacks with a SYN Cache , 2002, BSDCon.

[9] Paul J. Walmsley,et al. XML Schema Part 0: Primer Second Edition , 2004 .

[10] Werner Vogels,et al. Web Services Are Not Distributed Objects , 2003, Int. CMG Conference.

[11] Charlie Kaufman,et al. Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[12] Randall R. Stewart,et al. Stream Control Transmission Protocol , 2000, RFC.

[13] Joseph D. Touch,et al. Defending TCP Against Spoofing Attacks , 2007, RFC.

[14] David Booth,et al. Web Services Description Language (WSDL) Version 2.0 Part 0: Primer , 2007 .

[15] Serge Mankovskii,et al. Service Oriented Architecture , 2009, Encyclopedia of Database Systems.