H. Fujinoki and R.K. Boyapati (USA)
Network security, access control, denial-of-service attacks, TCP SYN-flood attacks, flash crowd
This paper presents our on-going project on performance evaluation of the major existing solutions based on server side access control for SYN-flooding distributed denial of-service attacks using a real network system. Although many solutions have been proposed and implemented, there is no formal performance study that measures and compares the solutions based on server-side access control. The successful connection rate of the existing solutions was measured, compared and analyzed using an experiment test bed developed by LINUX-based PCs. We have tested SYN-cookie, Random Drop and the unmodified TCP in various conditions. We also simulated different types of legitimate clients in the end-to-end signal propagation delay to evaluate the fairness in connections. The results of our experiments showed that SYN-cookie resulted in the perfect (i.e., 100%) connection rate in all the experiments and configurations. Regardless of the length of the end-to-end delay, the connection rate of the unmodified TCP dropped to below 5% for a low request rate of 50 requests per second or more. Random Drop was more effective in improving connection rate than the unmodified TCP if the end-to-end delay was short or when the TCP backlog queue size was increased to more then 300 slots.
Important Links:
Go Back
