TCP Based Denial-of-Service Attacks to Edge Network: Analysis and Detection

  • V. Anil Kumar
  • Dorgham Sisalem
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3356)

Abstract

Congestion control algorithms in TCP are designed for a co-operative environment with the assumption that the end hosts voluntarily participate in the congestion control process. The steady growth of malicious activities such as Denial-of-Service attacks (DoS) reveals that the Internet no longer remains as a network of only trusted entities. We focus on a special class of DoS attacks targeted to edge networks by exploiting the vulnerabilities of TCP congestion control to duplicate and optimistic acknowledgement spoofing. We analyse two DoS attack scenarios namely pulse and sustained attack arising from two different behaviours of the attacker. Our results show that such attacks are feasible and also reveal the negative impact of the attacks on the target. We present a method for detecting such attacks by passively monitoring the traffic of the targeted network. The detection is achieved by differentiating malicious streams of duplicate and optimistic acknowledgments from normal acknowledgments....

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Savage, S., Cardwell, N., Wetherall, D., Anderson, T.: TCP congestion control with Misbehaving receiver. Computer Communication Review 29(5), 71–78 (1999)CrossRefGoogle Scholar
  2. 2.
    Jacobson, V.: Congestion avoidance and control. In: Proceedings of SIGCOMM, pp. 314–329 (1988)Google Scholar
  3. 3.
    Jacobson, V.: Modified TCP congestion Avoidance Algorithm. Technical report LBL (April 1990)Google Scholar
  4. 4.
    Allman, M., Paxson, V., Stevens, W.: TCP Congestion Control. RFC 2581 (April 1999)Google Scholar
  5. 5.
    Balakrishnan, H., Padmanabhan, V.N., Seshan, S., Stemm, M., Katz, R.H.: TCP Behavior of a Busy Internet Server: Analysis and Improvements. In: Proceedings of IEEE Infocom (March 1999)Google Scholar
  6. 6.
    Allman, M., Balakrishnan, H., Floyd, S.: Enhancing TCP’s Loss Recovery Using Limited Transmit. RFC 3042 (January 2001)Google Scholar
  7. 7.
    Paxson, V., Allman, M.: Computing TCP’s Retransmission Timer. RFC 2988 (November 2000)Google Scholar
  8. 8.
    Fall, K., Floyd, S.: Simulation based Comparison of Tahoe, Reno, and SACK TCP. Computer communication Review (July 1996)Google Scholar
  9. 9.
    Kuzmanovic, A., Knighty, E.W.: Low-Rate TCP-Targeted Denial of Service Attacks. In: Proceedings of ACM SIGCOMM (August 2003)Google Scholar
  10. 10.
    Network simulator version 2, http://www.isi.edu/nsnam/ns

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • V. Anil Kumar
    • 1
  • Dorgham Sisalem
    • 2
  1. 1.CSIR Centre for Mathematical Modelling and Computer SimulationIndia
  2. 2.Fraunhofer Institute for Open Communication SystemsGermany

Personalised recommendations