English

Me Love (SYN-)Cookies: SYN Flood Mitigation in Programmable Data Planes

Networking and Internet Architecture 2020-03-09 v1 Cryptography and Security Performance

Abstract

The SYN flood attack is a common attack strategy on the Internet, which tries to overload services with requests leading to a Denial-of-Service (DoS). Highly asymmetric costs for connection setup - putting the main burden on the attackee - make SYN flooding an efficient and popular DoS attack strategy. Abusing the widely used TCP as an attack vector complicates the detection of malicious traffic and its prevention utilizing naive connection blocking strategies. Modern programmable data plane devices are capable of handling traffic in the 10 Gbit/s range without overloading. We discuss how we can harness their performance to defend entire networks against SYN flood attacks. Therefore, we analyze different defense strategies, SYN authentication and SYN cookie, and discuss implementation difficulties when ported to different target data planes: software, network processors, and FPGAs. We provide prototype implementations and performance figures for all three platforms. Further, we fully disclose the artifacts leading to the experiments described in this work.

Keywords

Cite

@article{arxiv.2003.03221,
  title  = {Me Love (SYN-)Cookies: SYN Flood Mitigation in Programmable Data Planes},
  author = {Dominik Scholz and Sebastian Gallenmüller and Henning Stubbe and Bassam Jaber and Minoo Rouhi and Georg Carle},
  journal= {arXiv preprint arXiv:2003.03221},
  year   = {2020}
}
R2 v1 2026-06-23T14:06:34.742Z