Abstract
Congestion control algorithms in TCP are designed for a co-operative environment with the assumption that the end hosts voluntarily participate in the congestion control process. The steady growth of malicious activities such as Denial-of-Service attacks (DoS) reveals that the Internet no longer remains as a network of only trusted entities. We focus on a special class of DoS attacks targeted to edge networks by exploiting the vulnerabilities of TCP congestion control to duplicate and optimistic acknowledgement spoofing. We analyse two DoS attack scenarios namely pulse and sustained attack arising from two different behaviours of the attacker. Our results show that such attacks are feasible and also reveal the negative impact of the attacks on the target. We present a method for detecting such attacks by passively monitoring the traffic of the targeted network. The detection is achieved by differentiating malicious streams of duplicate and optimistic acknowledgments from normal acknowledgments....
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Savage, S., Cardwell, N., Wetherall, D., Anderson, T.: TCP congestion control with Misbehaving receiver. Computer Communication Review 29(5), 71–78 (1999)
Jacobson, V.: Congestion avoidance and control. In: Proceedings of SIGCOMM, pp. 314–329 (1988)
Jacobson, V.: Modified TCP congestion Avoidance Algorithm. Technical report LBL (April 1990)
Allman, M., Paxson, V., Stevens, W.: TCP Congestion Control. RFC 2581 (April 1999)
Balakrishnan, H., Padmanabhan, V.N., Seshan, S., Stemm, M., Katz, R.H.: TCP Behavior of a Busy Internet Server: Analysis and Improvements. In: Proceedings of IEEE Infocom (March 1999)
Allman, M., Balakrishnan, H., Floyd, S.: Enhancing TCP’s Loss Recovery Using Limited Transmit. RFC 3042 (January 2001)
Paxson, V., Allman, M.: Computing TCP’s Retransmission Timer. RFC 2988 (November 2000)
Fall, K., Floyd, S.: Simulation based Comparison of Tahoe, Reno, and SACK TCP. Computer communication Review (July 1996)
Kuzmanovic, A., Knighty, E.W.: Low-Rate TCP-Targeted Denial of Service Attacks. In: Proceedings of ACM SIGCOMM (August 2003)
Network simulator version 2, http://www.isi.edu/nsnam/ns
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kumar, V.A., Sisalem, D. (2004). TCP Based Denial-of-Service Attacks to Edge Network: Analysis and Detection. In: Das, G., Gulati, V.P. (eds) Intelligent Information Technology. CIT 2004. Lecture Notes in Computer Science, vol 3356. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30561-3_23
Download citation
DOI: https://doi.org/10.1007/978-3-540-30561-3_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24126-3
Online ISBN: 978-3-540-30561-3
eBook Packages: Computer ScienceComputer Science (R0)