CTCP: A transparent centralized TCP/IP architecture for network security

Fu Hau Hsu, Tzi Cker Chiueh

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-reviewed

6 Citations (Scopus)

Abstract

Many network security problems can be solved in a centralized TCP (CTCP) architecture, in which an organization's edge router transparently proxies every TCP connection between an internal host and an external host on the Internet. This paper describes the design, implementation, and evaluation of a CTCP router prototype that is built on the Linux kernel. By redirecting all packets targeting non-existent or non-open-to-public ports to a CTCP socket which pretends to be the original receivers, CTCP could confirm the real identification of the packet sources, collect suspicious traffic from them, and create an illusion that the scanned target ports are all open, thus rendering port scanning a useless effort. Under the CTCP architecture, external hosts only interact with a secure CTCP router; therefore, any OS fingerprinting attempt and DoS/DDoS attack targeting TCP/IP implementation bugs could be thwarted. Moreover, by further checking traffic originating from confirmed scanners, the CTCP router can actually identify buffer overflow attack traffic. Finally, the CTCP router solves the TCP connection hijacking problem by introducing an additional check on the sequence number field of incoming packets. Despite providing a rich variety of protection, the CTCP architecture does not incur much overhead. On a 1.1GHz Pentium-3 machine with gigabit Ethernet interfaces, the throughput of the CTCP router is 420.3 Mbits/sec, whereas the throughput of a generic Linux router on the same hardware is only 409.1 Mbits/sec.

Original language: English
Title of host publication: Proceedings - 20th Annual Computer Security Applications Conference, ACSAC 2004
Pages: 335-344
Number of pages: 10
Publication status: Published - 2004
Event: 20th Annual Computer Security Applications Conference, ACSAC 2004 - Tucson, AZ, United States
Duration: 6 Dec 2004 → 10 Dec 2004

Publication series

Name: Proceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print): 1063-9527

Conference

Conference: 20th Annual Computer Security Applications Conference, ACSAC 2004
Country/Territory: United States
City: Tucson, AZ
Period: 6/12/04 → 10/12/04
