DeepAI
Log In Sign Up

Me Love (SYN-)Cookies: SYN Flood Mitigation in Programmable Data Planes

03/06/2020
by   Dominik Scholz, et al.
0

The SYN flood attack is a common attack strategy on the Internet, which tries to overload services with requests leading to a Denial-of-Service (DoS). Highly asymmetric costs for connection setup - putting the main burden on the attackee - make SYN flooding an efficient and popular DoS attack strategy. Abusing the widely used TCP as an attack vector complicates the detection of malicious traffic and its prevention utilizing naive connection blocking strategies. Modern programmable data plane devices are capable of handling traffic in the 10 Gbit/s range without overloading. We discuss how we can harness their performance to defend entire networks against SYN flood attacks. Therefore, we analyze different defense strategies, SYN authentication and SYN cookie, and discuss implementation difficulties when ported to different target data planes: software, network processors, and FPGAs. We provide prototype implementations and performance figures for all three platforms. Further, we fully disclose the artifacts leading to the experiments described in this work.

READ FULL TEXT
12/13/2018

LAMP: Prompt Layer 7 Attack Mitigation with Programmable Data Planes

While there are various methods to detect application layer attacks or i...
07/27/2021

Poisoning of Online Learning Filters: DDoS Attacks and Countermeasures

The recent advancements in machine learning have led to a wave of intere...
04/11/2021

Tracking Normalized Network Traffic Entropy to Detect DDoS Attacks in P4

Distributed Denial-of-Service (DDoS) attacks represent a persistent thre...
10/01/2021

Evaluating Susceptibility of VPN Implementations to DoS Attacks Using Adversarial Testing

Many systems today rely heavily on virtual private network (VPN) technol...
01/24/2022

On the Complexity of Attacking Elliptic Curve Based Authentication Chips

In this paper we discuss the difficulties of mounting successful attack ...
05/02/2022

S0-No-More: A Z-Wave NonceGet Denial of Service Attack utilizing included but offline NodeIDs

In this paper a vulnerability in the Z-Wave protocol specification, espe...