Combating TCP Based Attacks on Mobile Devices

TCP-based attacks are a well-known security problem that consumes mobile device resources such as bandwidth, battery and memory. Such attacks are common in new environments that provide TCP-based network services (web service, email service), such as peer-to-peer networks and scenarios where wireless terminals act as servers. Verifying the sources of synchronize (SYN), acknowledge (ACK) or reset (RST) segments has been a great challenge. Existing solutions have focused largely on verifying the sources of SYN requests, which encourages attackers to use invalid RSTs and ACKs instead, rendering TCP servers ineffective. This paper describes two mechanisms that verify the sources sending SYN requests, ACKs and RSTs in order to distinguish invalid requests and responses from legitimate ones. The solution requires minimal modifications to existing firewalls and significantly reduces attackers' effective rate.
