TY - GEN
T1 - SYN Flood Defense in Programmable Data Planes
AU - Scholz, Dominik
AU - Gallenmüller, Sebastian
AU - Stubbe, Henning
AU - Carle, Georg
N1 - Publisher Copyright: © 2020 ACM.
PY - 2020/12/1
Y1 - 2020/12/1
N2 - The SYN flood attack is a common attack strategy as part of Distributed Denial-of-Service, which steadily becomes more frequent and of higher volume. To defend against SYN floods, preventing valuable service downtime, malicious traffic has to be separated from legitimate TCP requests. For this challenge, sophisticated filtering mechanisms operating at high bandwidths are needed. Modern programmable data plane devices can handle traffic in the 10 Gbit/s range without overloading. We discuss how we can harness their performance to defend entire networks against SYN flood attacks. Therefore, we analyze different defense strategies, SYN authentication and SYN cookie, and discuss implementation difficulties when ported to different target data planes: software, network processors, and FPGAs. We provide prototype implementations and performance figures for all three platforms.
AB - The SYN flood attack is a common attack strategy as part of Distributed Denial-of-Service, which steadily becomes more frequent and of higher volume. To defend against SYN floods, preventing valuable service downtime, malicious traffic has to be separated from legitimate TCP requests. For this challenge, sophisticated filtering mechanisms operating at high bandwidths are needed. Modern programmable data plane devices can handle traffic in the 10 Gbit/s range without overloading. We discuss how we can harness their performance to defend entire networks against SYN flood attacks. Therefore, we analyze different defense strategies, SYN authentication and SYN cookie, and discuss implementation difficulties when ported to different target data planes: software, network processors, and FPGAs. We provide prototype implementations and performance figures for all three platforms.
KW - P4
KW - SYN flood mitigation
KW - programmable data planes
UR - http://www.scopus.com/inward/record.url?scp=85097647049&partnerID=8YFLogxK
U2 - 10.1145/3426744.3431323
DO - 10.1145/3426744.3431323
M3 - Conference contribution
AN - SCOPUS:85097647049
T3 - EuroP4 2020 - Proceedings of the 3rd P4 Workshop in Europe, Part of CoNEXT 2020
SP - 13
EP - 20
BT - EuroP4 2020 - Proceedings of the 3rd P4 Workshop in Europe, Part of CoNEXT 2020
PB - Association for Computing Machinery, Inc
T2 - 3rd P4 Workshop in Europe, EuroP4 2020, co-located with ACM CoNEXT 2020
Y2 - 1 December 2020
ER -