Client-controlled slow TCP and denial of service

Songlin Cai, Yong Liu, Weibo Gong

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Denial of Service attacks are becoming an increasing threat to our information infrastructure. By exploiting vulnerability in existing protocols and infrastructures, malicious attackers consume resources in networks and servers to block or degrade the service to legitimate users. TCP is the dominant network transport protocol. It relies on the participating hosts' cooperation to make data transmission successful. This kind of trust has been exploited in some DoS attacks, such as SYN-flooding attack. In this paper, we investigate how a TCP client can extend the duration of its connection with a server only by setting the pace of sending back acknowledgement packets. Our study shows that the duration of a TCP connection could be extended tens of times without incurring timeout retransmission. This mechanism can potentially be used by attackers to launch DoS attacks by generating simultaneous prolonged TCP connections with the victim servers. Unlike SYN-flooding attacks, the low rate property of slow TCP connections makes the detection of this kind of attack difficult, which calls for a further study on this issue.

Original languageEnglish (US)
Title of host publicationProceedings of the IEEE Conference on Decision and Control
Pages81-86
Number of pages6
Volume1
StatePublished - 2004
Event2004 43rd IEEE Conference on Decision and Control (CDC) - Nassau, Bahamas
Duration: Dec 14 2004Dec 17 2004

Other

Other2004 43rd IEEE Conference on Decision and Control (CDC)
Country/TerritoryBahamas
CityNassau
Period12/14/0412/17/04

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality
  • Chemical Health and Safety

Fingerprint

Dive into the research topics of 'Client-controlled slow TCP and denial of service'. Together they form a unique fingerprint.

Cite this