cookie思想在TCP与SCTP中的应用

典型的Dos攻击—SYNflood—对于使用传统TCP协议的网络服务来说是一个很头疼的问题,应对这个问题的一个有效方案是Bernstein提出的SYNcookies方法,而SCTP也使用了类似的机制。本文将探讨TCP与SCTP中是怎样利用cookie的思想来防范Dos攻击的,并用实验比较TCP与SCTP在抵御Dos攻击时的实际性能。     

对一种DoS攻击的分析及防范策略研究

Web服务器常常遭到来自外部网络主机的拒绝服务攻击,其中,SYN flood攻击是最常见的一种。攻击者使用伪造的源地址向服务器发送大量的TCP连接请求,致使服务器为每一个连接请求分配资源直至资源耗尽,因此,合法用户的正常访问也因为无法建立TCP连接而被拒绝。分析了SYN flood攻击的基本原理,对现有的几种处理资源耗尽及伪造源地址的方法进行了分析,指出了它们的优缺点。     

基于Linux平台的新的SYN Flood防御模型研究

SYN Flood是一种典型的拒绝服务攻击技术,它利用TCP协议的安全漏洞危害网络,目前还没有很好的办法彻底解决SYN Flood攻击问题。分析了3种现有的SYN Flood防御模型:SYN Cookie、SYN Gateway和SYN Proxy,提出了增强的SYN Proxy防御模型,研究了其相关的防御算法,并基于Linux平台进行了实现,最后对防御模型进行了测试。测试结果表明,增强的SYN Proxy模型能抵御高强度的SYN Flood攻击,较之现有的模型有更好的优越性。     

黑洞SYN Flood攻击的终结者

前一阵子我管理的局域网被SYN Flood方式攻击了，造成了严重的瘫痪。为了解决问题，公司选购了专门防范DoS(SYN Flood攻击是Dos攻击方式中的一种)攻击的硬件防火墙——“黑洞”(“绿盟”出品的硬件防火墙，市场售价160000元左右)。但它是否能够有效地防止SYN Flood攻击呢?让我拿数据来证明一切。     

一种基于无状态连接请求验证的SYN湮没攻击防御方法

已有SYN湮没攻击检测防御技术存在一个共性缺陷，就是在验证连接请求有效前分配一定的系统资源保存连接状态，基于无状态连接请求验证的方法可以有效地解决这一问题，但已有的方法存在验证有效后无法完整建立TCP连接、通讯双方状态不一致等问题．本文提出一种新的基于无状态连接请求验证的网关级SYN湮没攻击防御方法，该方法在解决已有问题并兼容现有TCP／IP协议栈实现的基础上，可实现对不同操作系统SYN湮没攻击的有效防御．     

浅议TCP SYN Flooding攻击

介绍了TCP协议建立连接的过程及存在的安全问题，以及由此而引起的TCP SYN Flooding(TCP SYN洪流)拒绝服务攻击，并介绍了几种简便有效的防范措施。     

Linux下基于SYN Cookie的防SYN Flood攻击的实现与改进

DoS的思想是用大量的数据包来攻击服务器,降低服务器的性能。SYN Flood攻击是DoS攻击的一种重要形式,它是利用TCP协议3次握手时的漏洞对服务器进行攻击。介绍了SYN Flood的攻击原理,研究了Linux 2.6内核下SYN Cookie的实现,并在此基础上提出了一种改进方法。     

在路由器上用SYN Cookie实现SYN Flood的防御

SYN Flood是目前流行的DDOS攻击手段,能够极为有效地攻击网站服务器,使得服务器资源耗尽而无法提供正常服务.由于利用了TCP/IP的协议漏洞,很难从根本上进行防范.给出一种在路由器上利用SYN Cookie机制实现对SYN Flood的防御,能够有效地保护服务器不受SYN Flood攻击,同时不会增加路由器的负担.     

SYN Flood攻击的原理机制/检测与防范措施

SYN-Flood是目前最流行的DDoS攻击手段。是一种蓄意侵入三次握手并打开大量半开TCP／IP连接而进行的攻击。本文介绍了SYN Flood攻击的原理机制／检测与防范方法。     

基于轻量级检测和混合连接策略的SYN Flood防御方法

为了有效防御分布式SYN Flood攻击,提出一种基于轻量级检测和混合连接策略的防御模型。该防御模型使用客户端IP地址和TCP端口的熵、SYN和ACK报文的径向基进行SYN Flood攻击检测,并根据检测结果选择标准TCP连接模式和基于防火墙代理的连接模式。基于防火墙代理的连接模式能够避免SYN Proxy防御模型中频繁修改TCP报文序列号、确认号的操作。实验结果表明,该防御模型能够有效降低防火墙的资源消耗,具有更好的防御效果。     

Evaluating TCP-friendliness in light of Concurrent Multipath Transfer

In prior work, a CMT protocol using SCTP multihoming (termed SCTP-based CMT) was proposed and investigated for improving application throughput. SCTP-based CMT was studied in (bottleneck-independent) wired networking scenarios with ns-2 simulations. This paper studies the TCP-friendliness of CMT in the Internet. In this paper, we surveyed historical developments of the TCP-friendliness concept and argued that the original TCP-friendliness doctrine should be extended to incorporate multihoming and SCTP-based CMT.Since CMT is based on (single-homed) SCTP, we first investigated TCP-friendliness of single-homed SCTP. We discovered that although SCTP’s congestion control mechanisms were intended to be “similar” to TCP’s, being a newer protocol, SCTP specification has some of the proposed TCP enhancements already incorporated which results in SCTP performing better than TCP. Therefore, SCTP obtains larger share of the bandwidth when competing with a TCP flavor that does not have similar enhancements. We concluded that SCTP is TCP-friendly, but achieves higher throughput than TCP, due to SCTP’s better loss recovery mechanisms just as TCP-SACK and TCP-Reno perform better than TCP-Tahoe.We then investigated the TCP-friendliness of CMT. Via QualNet simulations, we found out that one two-homed CMT association has similar or worse performance (for smaller number of competing TCP flows) than the aggregated performance of two independent, single-homed SCTP associations while sharing the link with other TCP connections, for the reason that a CMT flow creates a burstier data traffic than independent SCTP flows. When compared to the aggregated performance of two-independent TCP connections, one two-homed CMT obtains a higher share of the tight link bandwidth because of better loss recovery mechanisms in CMT. In addition, sharing of ACK information makes CMT more resilient to losses. Although CMT obtains higher throughput than two independent TCP flows, CMT’s AIMD-based congestion control mechanism allows other TCP flows to co-exist in the network. Therefore, we concluded that CMT is TCP-friendly, similar to two TCP-Reno flows are TCP-friendly when compared to two TCP-Tahoe flows.     

SCTP传输MPEG4视频流的性能分析

为了在IP分组网络上传输N0.7信令，IETF信令传输工作组专门制定了流量控制传输协议(SCTP)。该文对SCTP与TCP进行了比较，分析了CCTP适合于信令和多媒体传输的特性，研究了用SCTP传输MPEG4视频流的性能，并进行了仿真和分析。最后讨论了SCTP其它的一些可能的应用。     

SCTP: a proposed standard for robust Internet data transport

The stream control transmission protocol (SCTP) is an evolving general purpose Internet transport protocol designed to bridge the gap between TCP and UDP. SCTP evolved from a telephony signaling protocol for IP networks and is now a proposed standard with the Internet Engineering Task Force. Like TCP, SCTP provides a reliable, full-duplex connection and mechanisms to control network congestion. However, SCTP expands transport layer possibilities beyond TCP and UDP, offering new delivery options that are particularly desirable for telephony signaling and multimedia applications.     

SCTP: What, Why, and How

Similar to TCP and UDP, the stream control transmission protocol (SCTP) is a transport protocol providing end-to-end communication. SCTP was originally designed within the IETF Signaling Transport (SIGTRAN) working group to address TCP's shortcomings relating to telephony signaling over IP networks. SCTP has since evolved into a general-purpose IETF transport protocol with kernel implementations on various platforms. Similar to TCP, SCTP provides a connection-oriented, reliable, full- duplex, congestion and flow-controlled layer 4 channel. Unlike both TCP and UDP, however, SCTP offers new delivery options that better match diverse applications' needs. Here, we introduce SCTP, discuss its innovative services, and outline ongoing SCTP-related research and standardization activities.     

SCTP传输性能研究

流控制传输协议SCTP是一种新型的传输层协议,主要用于在IP网上传输PSTN信令。将SCTP与TCP、UDP在一般的网络环境下进行了比较,发现SCTP的传输性能与TCP、UDP的相差甚远;同时将SCTP不同流数下的传输性能进行了比较,发现SCTP的传输性能与传输数据的流数、传输的数据量之间存在关系。基于实验数据,分析了SCTP与TCP、UDP在传输性能方面的差距的可能原因,并提出了相应的解决方法。     

Enabling PVM to exploit the SCTP protocol

Recently, a new general purpose transport protocol, called SCTP, has been standardized by the IETF to be used in IP based applications. The features of SCTP, compared with TCP, better support the communication requirements of parallel applications and have motivated the development of SCTP-PVM, a PVM extension, that uses SCTP for direct communications among tasks. Using the LK-SCTP open source kernel module implementation of SCTP, we have compared the performances of SCTP-PVM with the standard version of PVM that, through the PvmRouteDirect directive, uses TCP. Due to the vast difference in the maturity level of both protocols where TCP, unlike SCTP, is able to offload checksum calculations and transport segmentations in hardware, in the tests performed, we have disabled the TCP hardware transport segmentations and we have analyzed the behaviour of SCTP-PVM both with the checksum enabled and disabled. SCTP-PVM, with the checksum disabled, resulted better as the messages exchanged among tasks increase. In addition, thanks to the SCTP multi-streaming feature, SCTP-PVM achieved higher throughput in error prone networks. On the other hand, due to the high-protocol processing cost of the checksum enabled, SCTP-PVM resulted slower. Finally, the SCTP-PVM extension has been designed to easily enable existing PVM applications to use the SCTP protocol features.     

SCTP与TCP的比较分析

随着VoIP和第3代移动通信的发展，SCTP协议的使用将会越来越多。从分组结构、安全性、多归属、流、数据的发送和接收等几个方面对SCTP和TCP进行了分析比较。说明了为什么SCTP比TCP更适合传送PSTN信令。     

基于SCTP的客户/服务器的设计与实现

随着IP网向多业务网的发展,新一代运输层协议SCTP会逐渐替代TCP在下一代网络中获得更加广泛的应用。分析了SCTP/IP协议栈中数据传输过程,介绍了SCTP协议所提供给开发人员的套接口编程模型,并给出一个在Uinx/Linux系统上利用一到多形式套接口模型开发客户/服务器应用的示例。