
Research On The Prevention Of SYN Flood Attack Based On Turing Tests

Posted on: 2009-07-03 | Degree: Master | Type: Thesis
Country: China | Candidate: H Y Hu | Full Text: PDF
GTID: 2198360308978735 | Subject: Computer technology
Abstract/Summary:
DDoS (distributed denial of service) attacks are among the most serious threats to Internet security, and the need for defenses keeps growing as the number of crackers increases and attack utilities evolve. Several factors make DDoS attacks difficult to defend against and to track: the large number of insecure machines, the broad availability of automatic DDoS tools, and the use of fake IP addresses. With the rapid development of electronic information technology, information countermeasures are becoming increasingly prominent and will dominate information warfare. The side that holds information dominance, which determines the outcome of a war, will win.
Currently, most DDoS attacks on websites are carried out over the TCP protocol and use TCP SYN Flood to achieve their purpose. This thesis works on DDoS, especially SYN Flood, and proposes an approach to protect networks against sophisticated SYN Flood attacks. We investigate the properties of DDoS and SYN Flood in depth so that we can make a specific proposal for solving this problem. In this thesis, we examine the mechanisms, methodology and techniques of DDoS, as well as the current strategies for defending against and tracking it. We then propose Access Control with Turing Test, in which a weighted moving average is used to compute the dropping probability to avoid bursty traffic, and an exponential-increase response is adopted to implement rate limiting. The primary goal of a SYN Flood attack is to send a high volume of queries that eat up the CPU and memory resources of the server and cause a breakdown. Our approach therefore starts with saving resources. The server requires a Turing Test before it serves a client; if the client is detected to be illegitimate, the server does not allocate any resources and the client is disconnected. The server thus does not allocate excessive resources for SYN queries.
Choosing Netfilter as the primary implementation framework, we leverage its connection tracking module and IP Inspect functionality to obtain specific segment information and process it appropriately. Theoretical analysis and experimental simulation show that the mechanism based on Access Control with Turing Test is able to prevent DDoS attacks effectively and efficiently.
Keywords/Search Tags:DDoS attack, SYN Flood, Turing Tests, Netfilter Frame