Abstract

The Internet protocol suite is increasingly used on devices with constrained resources that operate as both clients and servers within the Internet of Things paradigm. However, these devices usually apply few, if any, security measures. Therefore, they are vulnerable to network attacks, particularly to denial of service attacks. The well-known SYN flood attack works by filling up the connection queue with fake SYN requests. When the queue is full, new connections cannot be opened until some entries are removed after a time-out. Class 2 constrained devices, as defined in RFC 7228, are highly vulnerable to this attack because of their limited available memory, even in low-rate attacks. This paper analyses and compares, in a class 2 constrained device, the performance of 2 commonly used defence mechanisms (i.e., recycling half-open connections and SYN cookies) during a low-rate SYN flood. We first review 2 SYN cookies implementations (i.e., Linux and FreeBSD) and compare them with a hybrid approach in a class 2 device. Finally, experimental results prove that the proposed SYN cookies implementation is more effective than recycling the oldest half-open connections.

  • Publication date: 2018-3
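
The queue behaviour the abstract describes can be seen in a small model. This is an added example, not code or results from the paper: it simulates a half-open connection queue under a slow stream of spoofed SYNs, with and without recycling of the oldest entry. The queue length, time-out, tick rates and round-trip time are assumed values, and SYN cookies are not modelled.

```c
#include <stdio.h>

#define QLEN    4   /* assumed backlog size on a memory-constrained device */
#define TIMEOUT 30  /* assumed half-open entry lifetime, in ticks */

enum policy { DROP_NEW, RECYCLE_OLDEST };
struct slot { int used, legit, born; };

/* Store a half-open entry; returns 0 when the SYN has to be dropped. */
static int enqueue(struct slot *q, enum policy p, int legit, int now) {
    int victim = -1;
    for (int i = 0; i < QLEN; i++) {
        if (!q[i].used) { victim = i; break; }
        if (victim < 0 || q[i].born < q[victim].born) victim = i;
    }
    if (q[victim].used && p == DROP_NEW) return 0;   /* queue full */
    q[victim] = (struct slot){ 1, legit, now };      /* free slot or oldest */
    return 1;
}

/* Legitimate handshakes completed in `ticks` ticks: one spoofed SYN every
 * atk_period ticks, one real SYN every legit_period ticks (offset 1), whose
 * ACK arrives rtt ticks later if its entry is still queued. */
int simulate(enum policy p, int ticks, int atk_period, int legit_period, int rtt) {
    struct slot q[QLEN] = {0};
    int done = 0;
    for (int t = 0; t < ticks; t++) {
        for (int i = 0; i < QLEN; i++) {
            if (!q[i].used) continue;
            if (q[i].legit && t - q[i].born >= rtt) { done++; q[i].used = 0; }
            else if (t - q[i].born >= TIMEOUT) q[i].used = 0;  /* time-out */
        }
        if (t % atk_period == 0) enqueue(q, p, 0, t);
        if (t % legit_period == 1) enqueue(q, p, 1, t);
    }
    return done;
}

int main(void) {
    /* Constructed low-rate scenario: 1 spoofed SYN per 5 ticks, RTT of 2 ticks. */
    printf("drop when full : %d/10 handshakes\n", simulate(DROP_NEW, 100, 5, 10, 2));
    printf("recycle oldest : %d/10 handshakes\n", simulate(RECYCLE_OLDEST, 100, 5, 10, 2));
    return 0;
}
```

With a faster flood or a longer round trip, for example `simulate(RECYCLE_OLDEST, 100, 1, 10, 6)`, recycling evicts the legitimate entry before its ACK arrives and no handshake completes in this model.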