SYN Packet Pacifier: a host-based anti-DoS-attack System

Abstract

Internet service provided by TCP connections are often susceptible to Denial of Service attack, especially SYN Flood from external hosts even internal on the network. In our research, we materialise a stateless session establishment mechanism at SYN packet in TCP 3Way Hand Shake then avoid consuming in that CPU, memory and others. We suggest SPP (SYN Packet Pacifier) in this paper. We arranged SPP within FreeBSD Kernel as the system based on above principles. SPP is a secure defense system and an effective DoS counter measure rather than the former methods such as SYN Cache and SYN Cookie.