
An Effective Approach to Detect DDos Attack



Abstract

A TCP connection is a connection-oriented, reliable service. It uses a three-way handshake process to establish the connection. Distributed Denial of Service (DDoS) has emerged as one of the major threats to network security, as is evident from a series of attacks that shut down some of the most popular websites. This attack prevents legitimate users from accessing regular internet services by exhausting the victim's resources, and the TCP SYN flooding attack is the most common type of DDoS attack. TCP SYN flooding exploits TCP's three-way handshake mechanism and its limitation in maintaining half-open connections. The SYN flooding attack is very hard to detect because it is difficult to distinguish between legitimate SYN packets and attack SYN packets at the victim's server. This paper concentrates on the different IP spoofing techniques, such as random spoofed source address, subnet spoofed source address and fixed spoofed source address, and on the schemes to detect the DDoS attack. The different schemes are SYN-dog, SYN-cache and SYN-cookies. These schemes are effective only up to a particular extent. This paper concentrates more on a newly proposed router-based scheme that uses the Counting Bloom Filter algorithm and the CUSUM algorithm. The new scheme is highly sensitive and always requires a shorter time for the detection of both low-intensity and high-intensity attacks.
