SYNKILL

Principal Investigator: Eugene Spafford

Research Assistants: I. Krsul, M. Kuhn, C. Schuba, A. Sundaram, D. Zamboni

Sponsor: COAST Laboratory sponsors

Since mid-1996, several sites on the Internet have been hit by "SYN flood" attacks. The attack results in a denial of service by flooding incoming TCP ports on the attacked machine. The problem is that the attack takes advantage of limitations in the TCP protocol itself that cannot be fixed easily. In its present form, the attack is extremely difficult to trace back to its source, and because it involves little cost to the attacker, it is a serious threat to targeted hosts. This group has developed an efficient software-based mechanism that can protect whole networks against the attack, and is continuing to investigate methods of improving the defense without making alterations to potential target hosts.