TCP Based Denial-of-Service Attacks to Edge Network: Analysis and Detection
Congestion control algorithms in TCP are designed for a co-operative environment with the assumption that the end hosts voluntarily participate in the congestion control process. The steady growth of malicious activities such as Denial-of-Service attacks (DoS) reveals that the Internet no longer remains as a network of only trusted entities. We focus on a special class of DoS attacks targeted to edge networks by exploiting the vulnerabilities of TCP congestion control to duplicate and optimistic acknowledgement spoofing. We analyse two DoS attack scenarios namely pulse and sustained attack arising from two different behaviours of the attacker. Our results show that such attacks are feasible and also reveal the negative impact of the attacks on the target. We present a method for detecting such attacks by passively monitoring the traffic of the targeted network. The detection is achieved by differentiating malicious streams of duplicate and optimistic acknowledgments from normal acknowledgments....
KeywordsPacket Loss Congestion Control Fast Recovery Edge Network Buffer Occupancy
Unable to display preview. Download preview PDF.
- 2.Jacobson, V.: Congestion avoidance and control. In: Proceedings of SIGCOMM, pp. 314–329 (1988)Google Scholar
- 3.Jacobson, V.: Modified TCP congestion Avoidance Algorithm. Technical report LBL (April 1990)Google Scholar
- 4.Allman, M., Paxson, V., Stevens, W.: TCP Congestion Control. RFC 2581 (April 1999)Google Scholar
- 5.Balakrishnan, H., Padmanabhan, V.N., Seshan, S., Stemm, M., Katz, R.H.: TCP Behavior of a Busy Internet Server: Analysis and Improvements. In: Proceedings of IEEE Infocom (March 1999)Google Scholar
- 6.Allman, M., Balakrishnan, H., Floyd, S.: Enhancing TCP’s Loss Recovery Using Limited Transmit. RFC 3042 (January 2001)Google Scholar
- 7.Paxson, V., Allman, M.: Computing TCP’s Retransmission Timer. RFC 2988 (November 2000)Google Scholar
- 8.Fall, K., Floyd, S.: Simulation based Comparison of Tahoe, Reno, and SACK TCP. Computer communication Review (July 1996)Google Scholar
- 9.Kuzmanovic, A., Knighty, E.W.: Low-Rate TCP-Targeted Denial of Service Attacks. In: Proceedings of ACM SIGCOMM (August 2003)Google Scholar
- 10.Network simulator version 2, http://www.isi.edu/nsnam/ns