Two classes of novel TCP exploits and the countermeasures.

摘要

This thesis presents two classes of novel TCP exploits and the countermeasures. In the first exploit, we have proposed a new breed of low-rate Denial-of-Service (DoS) attacks, referred to as pulsing DoS (PDoS) attacks, which abuse TCP congestion control mechanisms to throttle a victim's throughput. Comparing with traditional flooding-based DoS attacks, PDoS attacks use much less attack traffic to cause similar damage to TCP flows. Besides TCP, the dominant transport protocol today, the emerging SCTP and DCCP will also be vulnerable to PDoS attacks. On the defense side, we have proposed two new effective schemes to detect PDoS attacks. In the second exploit, we have proposed two novel network timing channels, TCPScript and Cloak, which facilitate stealthy communications in the Internet. By exploiting TCP's flow concept, sliding window, and acknowledgement mechanisms, TCPScript and Cloak provide much higher channel capacity, camouflage flexibility, and reliability than existing covert channels. Since the protocol features exploited by TCPScript and Cloak are widely adopted by modem transport protocols, similar covert channels could be imbedded in other protocols. We have also proposed new detection schemes to uncover TCPScript and Cloak channels.