Client-controlled slow TCP and denial of service

Songlin Cai, Yong Liu, Weibo Gong

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Denial of Service attacks are becoming an increasing threat to our information infrastructure. By exploiting vulnerabilities in existing protocols and infrastructures, malicious attackers consume resources in networks and servers to block or degrade the service to legitimate users. TCP is the dominant network transport protocol. It relies on the participating hosts' cooperation to make data transmission successful. This kind of trust has been exploited in some DoS attacks, such as the SYN-flooding attack. In this paper, we investigate how a TCP client can extend the duration of its connection with a server only by setting the pace of sending back acknowledgement packets. Our study shows that the duration of a TCP connection could be extended tens of times without incurring timeout retransmission. This mechanism can potentially be used by attackers to launch DoS attacks by generating simultaneous prolonged TCP connections with the victim servers. Unlike SYN-flooding attacks, the low-rate property of slow TCP connections makes the detection of this kind of attack difficult, which calls for further study on this issue.

Original language: English (US)
Title of host publication: Proceedings of the IEEE Conference on Decision and Control
Pages: 81-86
Number of pages: 6
Volume: 1
State: Published - 2004
Event: 2004 43rd IEEE Conference on Decision and Control (CDC) - Nassau, Bahamas
Duration: Dec 14 2004 → Dec 17 2004

Other

Other: 2004 43rd IEEE Conference on Decision and Control (CDC)
Country: Bahamas
City: Nassau
Period: 12/14/04 → 12/17/04

Fingerprint

Servers
Network protocols
Data communication systems
Denial-of-service attack

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality
  • Chemical Health and Safety

Cite this

Cai, S., Liu, Y., & Gong, W. (2004). Client-controlled slow TCP and denial of service. In Proceedings of the IEEE Conference on Decision and Control (Vol. 1, pp. 81-86). [TuA03.2]
