Neutralizing DoS Attacks on Linux Servers

  • G. Rama Koteswara Rao
  • A. Pathanjali Sastri
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 284)


The worldwide IT industry is shifting towards Service Oriented Architecture at a fast pace. To meet this emerging scenario, most organizations are adopting business models such as cloud computing that depend on reliable server platforms. Linux servers are well ahead of other server platforms in terms of security. This brings network security to the forefront of an organization's major concerns. The most common form of attack is the Denial of Service (DoS) attack. This paper focuses on mechanisms to detect DoS attacks and immunize Linux servers against them.


Keywords: Internet Protocol, Internet Protocol Address, Service Attack, Internet Control Message Protocol, Backlog Queue



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • G. Rama Koteswara Rao (1)
  • A. Pathanjali Sastri (2)

  1. Department of Information Technology, V.R. Siddhartha Engineering College, Vijayawada, India
  2. Department of Computer Applications, V.R. Siddhartha Engineering College, Vijayawada, India
