|
One of the main problems of network security is the attack named Distributed Denial of Service (DDoS). The goal of DDoS attack is to exhaust victim server recourses so that legitimate users cannot access a service. Victims of DDoS attacks were famous Web sites like Yahoo!, eBay, Amazon.com. About 90 percent of DDoS attacks use vulnerabilities of TCP protocol. A well-known example of that is TCP SYN Flooding. The trend of SYN flooding protection is spoofed packets filtering. Other wide known protection is packets dropping policy. In this paper we present a comparison of mentioned defense mechanisms. Appropriated analysis is based on Markov chains. Some recommends concerning SYN protection tuning have been made.
Note. Abstracts are published in author's edition
Mail to Webmaster |
|Home Page| |English Part| |
![[SBRAS]](http://www-sbras.nsc.ru/gif/s_sigma.gif) Go to Home |