Performance studies of the server-side access control for syn-flooding distributed denial of service attacks using real systems

This paper presents our on-going project on performance evaluation of the major existing solutions based on serverside access control for SYN-flooding distributed denialof-service attacks using a real network system. Although many solutions have been proposed and implemented, there is no formal performance study that measures and compares the solutions based on server-side access control. The successful connection rate of the existing solutions was measured, compared and analyzed using an experiment test bed developed by LINUX-based PCs. We have tested SYN-cookie, Random Drop and the unmodified TCP in various conditions. We also simulated different types of legitimate clients in the end-to-end signal propagation delay to evaluate the fairness in connections. The results of our experiments showed that SYN-cookie resulted in the perfect (i.e., 100%) connection rate in all the experiments and configurations. Regardless of the length of the end-to-end delay, the connection rate of the unmodified TCP dropped to below 5% for a low request rate of 50 requests per second or more. Random Drop was more effective in improving connection rate than the unmodified TCP if the end-to-end delay was short or when the TCP backlog queue size was increased to more then 300 slots.