Research on Protecting Against SYN Flooding on a Firewall

1　IntroductionTheSYNFloodingattacksexploitTCP sthree wayhand shakemechanismanditslimitationinmaintaininghalf openconnections,andareper formedbytheattackersubmittingastreamofTCPSYN (connectionrequest)packetstothetargetsys tem ,fillingitsconnectionrequestqueue,andthusdenyinglegitimateusers accesstothetargetsys tem[1 ] .SYNFloodingdoesgreatharmtopopularwebsites,especiallytoe Businessones.Severalapproacheshavebeen proposedtocounterSYNfloodingattacks.SYNCache[2 ] andSYNCookie[3] canmiti…

Research on Protecting Against SYN Flooding on a Firewall

SYN proxy is a firewall's solution to protect against SYN flooding. It plays well under the low rate of attacks, but stumbles under heavy loads. In this paper, a novel approach based on SYN proxy is introduced, its design explained, and its performance evaluated. In this approach, the hash table is used to save half-connection states under light loads, and SYN cookie used under heavy loads. A bitmap is introduced into buckets of the hash table, which speedups of the lookup under SYN Flooding. Bucket length of the hash table is limited to a predefined value, thereby the performance degradation is prevented. A firewall implementing our proposal is tested, which shows that good performance is achieved.