
Research And Implementation Of System For Protecting From SYN Flood Attacks With Dynamic Response Strategy

Posted on: 2009-03-23 | Degree: Master | Type: Thesis
Country: China | Candidate: B B Xie | Full Text: PDF
GTID: 2178360278963709 | Subject: Computer system architecture
Abstract/Summary:
The SYN flooding attack is today a representative form of DDoS (Distributed Denial-of-Service) attack. Most systems that protect against this kind of attack keep the defense mechanism turned on whether or not an attack is underway. In the absence of SYN flooding attacks, all the overhead introduced by the defense mechanism is superfluous. Using the PF (Packet Filter) subsystem on OpenBSD 4.3 and a SYN flood detection mechanism named SynFinDiff, which is based on the protocol behavior of TCP SYN–FIN (RST) pairs, the paper proposes a system for protecting against SYN flooding attacks with a dynamic response strategy. The attack detection module, which is responsible for monitoring the network, provides real-time detection of attacks from the exterior network and automatically starts the SYN proxy of the PF subsystem once an attack is found; conversely, if no attack is detected, the SYN proxy subsystem is shut down automatically to improve response time.

Compared with two other typical SYN flooding attack detection algorithms, SynRate and PCF, SynFinDiff has good detection speed, better operating efficiency and needs fewer system resources, but it takes a very long time to return to a non-alert state when it deals with undesired network packets. The paper proposes a way to solve this problem by creating a virtual network in the OpenBSD system and pre-filtering the incoming data.

Finally, the system is tested on a small Emulab network defending against a SYN flooding attack. The results show that it has a fast transient response when under attack and better service efficiency than a traditional static defense system.
Keywords/Search Tags:Distributed Denial of Service Attack, SYN Flooding Attack, SYN Proxy, Intrusion Detection System