CSIR Central

Analysis and Mitigation of Reflector based Distributed Denial of Service Attacks

IR@C-MMACS: CSIR-Centre for Mathematical Modelling and Computer Simulation, Bangalore

 
 
Field Value
 
Title Analysis and Mitigation of Reflector based Distributed Denial of Service Attacks
 
Creator S, Sivapooranam
V, Anil Kumar
Patra, G K
Iyengar, N.Ch.S.N
 
Subject Computer Programming and Software
 
Description In this paper, we propose a distributed packet filtering technique to detect and filter out TCP packets with spoofed source IP addresses used for Distributed Reflection Denial of Service (DRDoS) attacks. We first provide an analysis of the attack scenario in which the well-known three-way handshake process of TCP is exploited in a distributed manner to cause flooding denial of service attacks, and then propose the filtering scheme to mitigate the attack impact. The proposed scheme makes use of information in the Time-to-Live (TTL) field of IP packets to differentiate and filter out spoofed packets at the reflector level. The TCP server, which is exploited as a reflector, monitors the incoming RST packets in response to its SYN/ACK packets, and extracts the TTL count from the RST packets. This TTL count is compared with the TTL count of further SYN packets to make the filtering decision. Apart from explaining the concept, we also provide preliminary simulation results to demonstrate the potential of the TTL-based filtering scheme.
 
Date 2010
 
Type Article
PeerReviewed
 
Format application/pdf
 
Identifier http://cir.cmmacs.ernet.in/44/1/JCMS_anil.pdf
S, Sivapooranam and V, Anil Kumar and Patra, G K and Iyengar, N.Ch.S.N (2010) Analysis and Mitigation of Reflector based Distributed Denial of Service Attacks. Journal of Computer and Mathematical Sciences, 1 (3). pp. 354-362. ISSN 0976-5727
 
Relation http://compmathsjournal.com/
http://cir.cmmacs.ernet.in/44/