CNoA: Challenging Number Approach for uncovering TCP SYN flooding using SYN spoofing attack (1110.1753v1)

Abstract: The challenging number is used for the detection of Spoofing attack. The IP Spoofing is considered to be one of the potentially brutal attack which acts as a tool for the DDoS attack which is considered to be a major threat among security problems in today's internet. These kinds of attack are extremely severe. They bring down business of company drastically. DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. There are attacks exploiting some vulnerability or implementation bug in the software implementation of a service to bring that down and some attacks will use all the available resources at the target machine. This deals on attacks that consume all the bandwidth available to the victim machine. While concentrating on the bandwidth attack the TCP SYN flood is the more prominent attack. TCP/IP protocol suite is the most widely used protocol suite for data communication. The TCP SYN flood works by exhausting the TCP connection queue of the host and thus denying legitimate connection request. There are various methods used to detect and prevent this attack, one of which is to block the packet based on SYN flag count from the same IP address. This kind of prevention methods becomes unsuitable when the attackers use the Spoofed IP address. The SYN spoofing becomes a major tool the TCP SYN flooding. For the prevention of this kind of attacks, the TCP specific probing is used in the proposed scheme where the client is requested challenging number while sending the ACK in the three way hand shake. This is very useful to find the Spoofed IP Packets/TCP SYN flood and preventing them.