TRAP: A Three-way handshake server for TCP connection establishment

Fu Hau Hsu, Yan Ling Hwang, Cheng Yu Tsai, Wei Tai Cai, Chia Hao Lee, Kai Wei Chang

Research output: Contribution to journalArticlepeer-review

15 Scopus citations


Distributed denial of service attacks have become more and more frequent nowadays. In 2013, a massive distributed denial of service (DDoS) attack was launched against Spamhaus causing the service to shut down. In this paper, we present a three-way handshaking server for Transmission Control Protocol (TCP) connection redirection utilizing TCP header options. When a legitimate client attempted to connect to a server undergoing an SYN-flood DDoS attack, it will try to initiate a three-way handshake. After it has successfully established a connection, the server will reply with a reset (RST) packet, in which a new server address and a secret is embedded. The client can, thus, connect to the new server that only accepts SYN packets with the corrected secret using the supplied secret.

Original languageEnglish
Article number358
JournalApplied Sciences (Switzerland)
Issue number11
StatePublished - 16 Nov 2016


  • DDoS
  • Netfilter
  • SYN flood attack
  • TCP
  • TCP options
  • Three-way handshake


Dive into the research topics of 'TRAP: A Three-way handshake server for TCP connection establishment'. Together they form a unique fingerprint.

Cite this