SYN flooding attack — Identification and analysis

Abstract

This paper analyzes one type of denial of service attacks in Mobile Adhoc Networks called SYN flooding attack, and its impact on the quality of service parameters. Denial of service attacks generally take away the resources and the services of the node and deny further legitimate services. In SYN flooding attack, an attack node sends many TCP (Transmission Control Protocol) SYN requests with spoofed source addresses to a node. Each request makes the destination node to allocate its resources out of the availability. The destination sends the acknowledgement to the spoofed address and waits for the third message from the source, since TCP connection is established after a three way handshake. But, the source address is a spoofed address and it will not respond with an acknowledgement. In the mean time, the attacker sends a lot of SYN requests. All the victim's resources are exhausted and hence further connection requests cannot be considered, denying the legitimate accesses. In this paper, it is assumed that the data sent from the source to destination is multimedia data with the communication between a client and server. This paper provides a detailed analysis on the SYN Flooding attack and analyzes the various parameters which are affected by the attack. The necessary condition for the identification of SYN flood attack, which is the ratio of the number of acknowledgements received from the client to the SYN acknowledgements sent from the server is checked. The protocols used are selective proactive and reactive routing protocols. This attack affects the quality of service parameters like packet delivery ratio, average end to end delay, throughput and jitter.