Thesis Details
Heuristické metody pro potlačení DDoS útoků zneužívajících protokol TCP
TCP SYN Flood is one of the most wide-spread DoS attack types used on computer networks nowadays. As a possible countermeasure, this thesis proposes a network-based mitigation method TCP Reset Cookies. The method utilizes the TCP three-way-handshake mechanism to establish a security association with a client before forwarding its SYN data. The algorithm can effectively mitigate even more sophisticated SYN flood attacks at the cost of 1-second delay for the first established connection. However, the method may not be suitable for all the scenarios, so decision-making algorithm to switch between different SYN Flood mitigation methods according to discovered traffic patterns was also developed. The project was conducted as a part of security research by CESNET. The discussed implementation of TCP Reset Cookies is already integrated into a DDoS protection solution deployed in CESNET's backbone network and Czech Internet exchange point at NIX.CZ.
DDoS, DDoS mitigation, Heuristic DDoS mitigation, TCP abuse, TCP SYN Flood, TCP Reset Cookies
Fuchs Petr, RNDr., Ph.D. (DMAT FEEC BUT), člen
Hradiš Michal, Ing., Ph.D. (DCGM FIT BUT), člen
Křena Bohuslav, Ing., Ph.D. (DITS FIT BUT), člen
Vašíček Zdeněk, doc. Ing., Ph.D. (DCSY FIT BUT), člen
@bachelorsthesis{FITBT21711,
author = "Patrik Goldschmidt",
type = "Bachelor's thesis",
title = "Heuristick\'{e} metody pro potla\v{c}en\'{i} DDoS \'{u}tok\r{u} zneu\v{z}\'{i}vaj\'{i}c\'{i}ch protokol TCP",
school = "Brno University of Technology, Faculty of Information Technology",
year = 2019,
location = "Brno, CZ",
language = "czech",
url = "https://www.fit.vut.cz/study/thesis/21711/"
}