Architectural design for large-scale campus-wide captive portal

43rd Annual 2009 International Carnahan Conference on Security Technology Pub Date : 2009-11-13 DOI:10.1109/CCST.2009.5335561

K. Koht-Arsa, A. Phonphoem, S. Sanguanpong

{"title":"Architectural design for large-scale campus-wide captive portal","authors":"K. Koht-Arsa, A. Phonphoem, S. Sanguanpong","doi":"10.1109/CCST.2009.5335561","DOIUrl":null,"url":null,"abstract":"Managing high workload and concurrent accesses are challenging tasks for captive portal. The large number of clients generally creates high workload to the system. Furthermore, some worm or Trojan infected clients create a lot more traffic by spreading themselves through the network via HTTP protocol. Such stateful traffic typically leads to network attack, especially a SYN-Flooding. Additionally, some misbehaved software installed in client machines may periodically and/or automatically download, send updates information through the Internet, or repeatedly reconnect to certain designated servers without the high workload awareness. In this paper, the stateless mini HTTP redirector has been proposed. All traffic will be redirected to stateless robust URL target redirector which will eventually send traffic through raw socket, hence bypassing the operating system's TCP/IP stack. With stateless characteristics, the system can absolutely protect the SYN-flooding attack. Moreover, the system includes the user-gent detection module for minimizing the high workload effects from misbehaved software on client machines.","PeriodicalId":117285,"journal":{"name":"43rd Annual 2009 International Carnahan Conference on Security Technology","volume":"71 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"43rd Annual 2009 International Carnahan Conference on Security Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2009.5335561","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Managing high workload and concurrent accesses are challenging tasks for captive portal. The large number of clients generally creates high workload to the system. Furthermore, some worm or Trojan infected clients create a lot more traffic by spreading themselves through the network via HTTP protocol. Such stateful traffic typically leads to network attack, especially a SYN-Flooding. Additionally, some misbehaved software installed in client machines may periodically and/or automatically download, send updates information through the Internet, or repeatedly reconnect to certain designated servers without the high workload awareness. In this paper, the stateless mini HTTP redirector has been proposed. All traffic will be redirected to stateless robust URL target redirector which will eventually send traffic through raw socket, hence bypassing the operating system's TCP/IP stack. With stateless characteristics, the system can absolutely protect the SYN-flooding attack. Moreover, the system includes the user-gent detection module for minimizing the high workload effects from misbehaved software on client machines.

查看原文本刊更多论文

大型校园专属门户的建筑设计

管理高工作负载和并发访问对于强制门户来说是一项具有挑战性的任务。大量的客户端通常会给系统带来很高的工作负载。此外，一些蠕虫或木马感染的客户端通过HTTP协议在网络中传播，从而产生更多的流量。这种状态流量通常会导致网络攻击，尤其是syn - flood攻击。此外，安装在客户机机器中的一些行为不正常的软件可能会定期和/或自动地通过Internet下载、发送更新信息，或者在没有高工作负载感知的情况下反复重新连接到某些指定的服务器。本文提出了一种无状态的迷你HTTP重定向器。所有流量将被重定向到无状态的健壮URL目标重定向器，最终将通过原始套接字发送流量，从而绕过操作系统的TCP/IP堆栈。该系统具有无状态特性，可以完全防御syn泛洪攻击。此外，该系统还包括用户代理检测模块，用于最大限度地减少客户端机器上行为不端的软件造成的高工作负载影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

43rd Annual 2009 International Carnahan Conference on Security Technology

自引率

0.00%

发文量