SYN Flood Defense in Programmable Data Planes

Dominik Scholz, Sebastian Gallenmüller, Henning Stubbe, Georg Carle

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

13 Scopus citations

Abstract

The SYN flood attack is a common attack strategy as part of Distributed Denial-of-Service, which steadily becomes more frequent and of higher volume. To defend against SYN floods, preventing valuable service downtime, malicious traffic has to be separated from legitimate TCP requests. For this challenge, sophisticated filtering mechanisms operating at high bandwidths are needed. Modern programmable data plane devices can handle traffic in the 10 Gbit/s range without overloading. We discuss how we can harness their performance to defend entire networks against SYN flood attacks. Therefore, we analyze different defense strategies, SYN authentication and SYN cookie, and discuss implementation difficulties when ported to different target data planes: software, network processors, and FPGAs. We provide prototype implementations and performance figures for all three platforms.

Original language: English
Title of host publication: EuroP4 2020 - Proceedings of the 3rd P4 Workshop in Europe, Part of CoNEXT 2020
Publisher: Association for Computing Machinery, Inc
Pages: 13-20
Number of pages: 8
ISBN (Electronic): 9781450381819
State: Published - 1 Dec 2020
Event: 3rd P4 Workshop in Europe, EuroP4 2020, co-located with ACM CoNEXT 2020 - Virtual, Online, Spain
Duration: 1 Dec 2020 → …

Publication series

Name: EuroP4 2020 - Proceedings of the 3rd P4 Workshop in Europe, Part of CoNEXT 2020

Conference

Conference: 3rd P4 Workshop in Europe, EuroP4 2020, co-located with ACM CoNEXT 2020
Country/Territory: Spain
City: Virtual, Online
Period: 1/12/20 → …

Keywords

  • P4
  • SYN flood mitigation
  • programmable data planes
