Analysis of a denial of service attack on TCP

Schuba, Christoph; Krsul, Ivan; Kühn, Markus; Spafford, Eugene H.; Sundaram, Arvind; Zamboni, Diego

doi:10.1109/secpri.1997.601338

Cited by 352 publications

(210 citation statements)

References 3 publications

Supporting

Mentioning

208

Contrasting

Unclassified

Order By: Relevance

“…Once the target host's resources are tired, no more incoming TCP connections can be recognized, thus denying further legitimate access [7]. During SYN flood attacks, the attacker sends SYN packets with non existing source IP addresses [14].…”

Section: Tcp Syn Flooding Attacksmentioning

confidence: 99%

Enhancing the Impregnability of Linux Servers

Rao¹,

R²,

A³

et al. 2014

IJNSA

View full text Add to dashboard Cite

show abstract

Section: Tcp Syn Flooding Attacksmentioning

confidence: 99%

Enhancing the Impregnability of Linux Servers

Rao¹,

R²,

A³

et al. 2014

IJNSA

View full text Add to dashboard Cite

show abstract

“…In such applications, computations involving the data must be made during an initial scan as the data "stream" by. (See for example [20,70,91,92,93,94,95,219,259,387,415].) Herzog, Shenker, and Estrin [192] considered the problem of finding a "one-pass" mechanism to implement game-theory-based allocation schemes in multicasting.…”

Section: Streaming Data In Game Theorymentioning

confidence: 99%

Computer science and decision theory

Roberts

2008

Ann Oper Res

View full text Add to dashboard Cite

This paper reviews applications in computer science that decision theorists have addressed for years, discusses the requirements posed by these applications that place great strain on decision theory/social science methods, and explores applications in the social and decision sciences of newer decision-theoretic methods developed with computer science applications in mind. The paper deals with the relation between computer science and decision-theoretic methods of consensus, with the relation between computer science and game theory and decisions, and with "algorithmic decision theory."

show abstract

“…It is presumed that administrative entities are trusted in either system, while policing is delegated; to hardware in the ATM setting, and to some lower layer through the Internet subnet-specific layer in the RSVP case. Some extensions for securing signaling are discussed by Schuba [9]. An additional limitation of these systems is that their policing is limited to bandwidth management.…”

Section: Related Work Qos Provision and Managementmentioning

confidence: 99%

Secure quality of service handling: SQoSH

et al. 2000

View full text Add to dashboard Cite

Proposals for programmable network infrastructures, such as active networks and open signaling, provide programmers with access to network resources and data structures. The motivation for providing these interfaces is accelerated introduction of new services, but exposure of the interfaces introduces many new security risks. The risks can be reduced or eliminated via appropriate restrictions on the exported interfaces. In this article we describe some of the security issues raised by active networks. We then describe our secure active network environment architecture. SANE was designed as a security infrastructure for active networks, and was implemented in the SwitchWare architecture. SANE restricts the actions loaded modules (including "capsules") can perform by restricting the resources that can be named; this is further extended to remote invocation by means of cryptographic credentials. SANE can be extended to support restricted control of quality of service in a programmable network element. The Piglet lightweight device kernel provides a "Virtual Clock" type of scheduling discipline for network traffic, and exports several tuning knobs with which the clock can be adjusted. The ALIEN active loader provides safe access to these knobs to modules that operate on the network element. Thus, the proposed SQoSH architecture is able to provide safe, secure access to network resources, while allowing these resources to be managed by end users needing customized networking services. A desirable consequence of SQoSH's integration of access control and resource control is that a large class of denial-of-service attacks, unaddressed solely with access control and cryptographic protocols, can now be prevented.

show abstract

Analysis of a denial of service attack on TCP

Cited by 352 publications

References 3 publications

Enhancing the Impregnability of Linux Servers

Enhancing the Impregnability of Linux Servers

Computer science and decision theory

Secure quality of service handling: SQoSH

Contact Info

Product

Resources

About