Conference Session A14
Paper #1

Disclaimer — This paper partially fulfills a writing requirement for first year (freshman) engineering students at the University of Pittsburgh Swanson School of Engineering. This paper is a student, not a professional, paper. This paper is based on publicly available information and may not provide complete analyses of all relevant data. If this paper is used for any purpose other than these authors’ partial fulfillment of a writing requirement for first year (freshman) engineering students at the University of Pittsburgh Swanson School of Engineering, the user does so at his or her own risk.

PREVENTING SYN FLOOD DOS ATTACKS

Brian Maher, bkm28@pitt.edu, Bursic, 2:00, Thomas Bui, tnb100@pitt.edu, Lora, 6:00

SYN FLOOD ATTACKS

As computer technology becomes more unique and complicated, the need for cybersecurity has increased. In particular, SYN flood denial of service, or DoS, attacks have become extremely popular and effective throughout the hacking community. Hackers DoS servers or computers to target valuable information such as credit card information and perhaps even social security numbers. These attacks make computers or servers unavailable to their intended users. A SYN flood, a type of DoS attack, begins when the client system sends a SYN message to the server. Second, the server must acknowledge the SYN/ACK message by sending a SYN message back to the server or client. Lastly, the server acknowledges the SYN message by sending a SYN/ACK message to the host. These three steps are known as a “three-way handshake”. In other words, SYN flooding sends too many packets to a single server, overloading the server and using all of its resources and memory. Every year there are countless hacked e-mails and other types of fraud. Countless people have access to the internet nowadays, and anybody who has internet access is open to SYN flooding.
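
To make the resource exhaustion described above concrete, the following added example (not part of the original paper) replays a constructed inbound packet trace against a fixed-size queue of half-open connections, following the standard TCP sequence of client SYN, server SYN/ACK, client ACK. The queue size, timeout, alert threshold and documentation-range addresses are assumptions chosen for illustration.

```python
from collections import OrderedDict

def build_trace():
    """Constructed inbound packets as seen by the server: (time_s, src_ip, src_port, flags)."""
    trace = []
    # Two legitimate connections: SYN, then the final ACK 50 ms later.
    for i, t in enumerate((0.0, 0.4)):
        trace.append((t, "198.51.100.10", 40000 + i, "SYN"))
        trace.append((t + 0.05, "198.51.100.10", 40000 + i, "ACK"))
    # Burst of SYNs from many source addresses that never send the final ACK.
    for i in range(30):
        trace.append((1.0 + i * 0.01, f"203.0.113.{i + 1}", 50000 + i, "SYN"))
    # A legitimate client that arrives while the burst is still queued.
    trace.append((1.5, "198.51.100.20", 41000, "SYN"))
    trace.append((1.55, "198.51.100.20", 41000, "ACK"))
    return sorted(trace)

def analyze(trace, backlog=16, timeout=3.0, alert_at=0.75):
    """Replay the trace against a half-open queue of size `backlog`.

    Returns (completed_handshakes, refused_syns, first_alert_time).
    The alert fires when the queue reaches `alert_at` of its capacity.
    """
    half_open = OrderedDict()  # (ip, port) -> arrival time of the SYN
    completed, refused, first_alert = 0, 0, None
    for t, ip, port, flags in trace:
        # Expire entries whose final ACK did not arrive within the timeout.
        while half_open and next(iter(half_open.values())) + timeout <= t:
            half_open.popitem(last=False)
        key = (ip, port)
        if flags == "SYN":
            if len(half_open) >= backlog:
                refused += 1        # queue full: the new connection is refused
            else:
                half_open[key] = t  # server would answer SYN/ACK and wait
        elif flags == "ACK" and key in half_open:
            del half_open[key]      # handshake finished, slot released
            completed += 1
        if first_alert is None and len(half_open) >= alert_at * backlog:
            first_alert = t
    return completed, refused, first_alert

if __name__ == "__main__":
    print(analyze(build_trace()))              # small queue: late client refused
    print(analyze(build_trace(), backlog=64))  # larger queue absorbs the burst
```

With the default queue of 16 entries the legitimate client that arrives during the burst is refused along with the excess burst traffic; with 64 entries it completes its handshake.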

Furthermore, these attacks can be launched at specific hosts such as somebody’s router or a network server system. As of right now, it is almost impossible to eliminate every IP-spoofed packet. However, there are still ways to decrease the possibility of this happening and even ways to know if there is an incoming “spoof packet”. If not dealt with immediately, SYN flooding can remain unnoticed and potentially crash entire networks or websites. For example, if one worked in the e-commerce or medical field, and a server suddenly experienced SYN flooding, valuable resources and real-time services would be lost.

The first step to fixing a problem is recognizing that there is a problem. Everybody must first understand what a DoS attack is. My partner and I would explain and define what a denial of service attack is. After that, we would explain the many types of DoS attacks available but specifically explain how SYN flooding works. Next, the dangers of SYN flooding would be our next topic. Only after knowing how it works can someone understand how dangerous it can be. After being able to understand how SYN flooding works and the dangers, we would explain how to prevent and protect oneself from any future SYN flooding attacks. The knowledge of how SYN flooding works leads a user to detect an impending attack and stop it before it ever occurs.

ANNOTATED BIBLIOGRAPHY

REFERENCES

[1] M. Bogdanoski (2013). “Analysis of the SYN Flood DoS Attack” (Online Article) http://www.mecs-press.org/ijcnis/ijcnis-v5n8/IJCNIS-V5-N8-1.pdf

This online article was published by a refereed research paper publisher. It explains the types of systems that can be most vulnerable to DoS, specifically SYN flood, attacks and gives a detailed description of what exactly the attacks are. This article analyzes the effects of a SYN flood attack on a system. This will help us explain what SYN flood attacks are and what systems should be most conscious of a possible attack.

[2] K. Geetha (2014).
“SYN Flooding Attack – Identification and Analysis” (Online Article) http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=7033828#.VpW_iFvqtLU.link

This article was published for a recent International Conference on Information Communication, and details the impacts of SYN flood attacks on servers. It goes into the attack nodes that send the TCP SYN requests and follows the entire process from start to finish. This will help my partner and me adequately explain the process in our paper.

SOURCES CONSULTED

D. Boteanu (Oct. 2013). “A Comprehensive Study of Queue Management as a DoS Counter-Measure” (Online Article) http://search.ebscohost.com/login.aspx?direct=true&db=aph&AN=90290396&site=ehost-live

This article is from a peer-reviewed journal and focuses on the defense against DoS attacks, in particular SYN flood attacks. This article explains the basic model for an attack, meaning why it happens and what the aim of the attack is. This article will be an important one when we explain the purpose of these attacks and why people use them to do the things they are capable of.

S. Mercyshalinie (Dec. 2014). “Defense Against DoS Attack: PSO Approach In Virtualization” (Online Article) http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=7229709#.VpXAv3BDEFs.link

This article was published for an Advanced Computing Conference and explains how to defend against DoS attacks. It briefly explains what a SYN flood attack is and what its purpose may be, then it gets into why it is important that we have a form of defense against it. Lastly, it proposes a viable solution and even shows a study on the data that they collected regarding using their method of defense. This article will be critical when we assess the ways to disrupt and stop an attack.

D. Deepthi (Oct. 2013). “TCP SYN Flood Attack Detection And Prevention” (Online Article) http://ijcttjournal.org/Volume4/issue-10/IJCTTV4I10P107.pdf

This article is from a peer-reviewed journal publisher and talks about the trustworthiness of servers when there are attacks such as SYN floods that they are extremely vulnerable to. It also states the wide area that the attacks can be used on; one of the most frightening is halting online transactions. This paper explains what the attacks are and a simple way to stop them. This will be very important when my partner and I need to elaborate on how the SYN flood attacks are used.

T. Eyck (Jul. 2014). “Coding Freedom: The Ethics and Aesthetics of Hacking” (Online Book) http://search.ebscohost.com/login.aspx?direct=true&AuthType=ip,uid&db=sih&AN=96868922&scope=site

This online book was published as a set of journal reviews for many different articles. This article analyzes the ethics of hacking in the community. This report goes into examples of hackers and the damage they have done to communities. It also states how they can benefit society by revealing behind-the-scenes things the public should know. This source will be integral for us when we try to analyze the ethics of SYN flood attacks.

S. Jamali (Aug. 2014). “Defense Against SYN Flooding Attacks: A Particle Swarm Optimization Approach” (Online Textbook) http://www.sciencedirect.com/science/article/pii/S0045790614001591

This is a section of a textbook that was published for computer and electrical engineering education. The text details what SYN flood attacks are and how each attack can vary from one another. It then proposes an alternative method of defense against DoS attacks. This defense treats the attack as an optimization problem and uses PSO algorithms to solve it. They believe that this will not fully defend against it but will decrease the attack’s effectiveness. This will be important when we try to explain the defensive side of DoS attacks.

S. Kerner (Jul. 2015). “DDoS Attacks Overwhelm Targets With Ever Rising Data Floods” (Online Article) http://search.ebscohost.com/login.aspx?direct=true&db=aph&AN=109363719&site=ehost-live

This article is from a periodical that publishes writings that can help enterprises learn about all things involving computers. This article talks about the risks of DoS attacks and their effects on the internet and its security. It specifically talks about the networking of computers during a SYN flood attack and the different attack sizes that occur. This will help us when we are explaining the variety of attacks that SYN floods are used for.