HK1146168B - Method of preventing tcp-based denial-of-service attacks on mobile devices - Google Patents
- Publication number: HK1146168B
- Authority: HK (Hong Kong)
- Prior art keywords: mobile device, packet, tcp, base station, state
Abstract
Provided is a method of preventing a Transmission Control Protocol (TCP)-based Denial of Service (DoS) attack on a mobile device. Such an attack wirelessly and continuously transmits TCP packets to the mobile device and thereby exhausts the resources of the wireless network and the battery power of the battery-dependent mobile device. An attack conventionally made in a wired network by abusing the TCP three-way handshake is more severe in the wireless network of mobile devices. To prevent such an attack, the method checks the three-way handshake and each state transition so that the mobile device verifies whether or not each received TCP packet is valid. It is therefore possible to efficiently prevent a DoS attack from exhausting the wireless resources and battery power of the mobile device.
Description
Technical Field
The present invention relates to a method of preventing a Transmission Control Protocol (TCP)-based Denial of Service (DoS) attack on a mobile device, and more particularly to a method of effectively preventing a DoS attack that wirelessly and continuously transmits TCP packets to the mobile device, thereby exhausting wireless network resources and the battery power of the battery-dependent mobile device.
Background
In general, as internet services have expanded from wired to wireless services and the types of mobile devices and their services have diversified, users can access the internet from virtually any location through mobile devices.
For this reason, it is expected that attacks on services performed in wired networks will gradually extend to wireless networks. In particular, these attacks may be more severe in wireless networks because the resources of wireless networks and of mobile devices are limited.
Fig. 1 is a general conceptual diagram describing the standard TCP state transition operation; it shows the complete standard finite state machine by which a TCP connection is established and terminated. In Fig. 1, all states and transitions are shown for completeness.
First, the TCP connection state is defined as follows.
LISTEN: the server daemon is running and waiting for a connection request.
SYN_SENT: the local client application has requested a connection to the remote host.
SYN_RCVD: the server has received a connection request from a remote client and has responded, but has not yet received the client's acknowledgement.
ESTABLISHED: the server and the client are connected to each other after completing the three-way handshake.
FIN_WAIT_1, FIN_WAIT_2: the local side has requested termination of the connection and is waiting for the remote side's acknowledgement (FIN_WAIT_1) and then for the remote side's own FIN (FIN_WAIT_2); CLOSE_WAIT: the remote side has requested termination and the local application has not yet closed its end.
CLOSING: a rare state entered when both sides request termination at the same time and the acknowledgement of the local FIN is still outstanding.
TIME_WAIT: the socket remains open for a period after the connection has terminated so that delayed segments still in transit can be handled.
CLOSED: the connection is completely terminated.
According to the TCP connection principles for establishing and terminating a connection (as defined in the prior literature, e.g., Transmission Control Protocol, RFC 793, Jon Postel, DARPA Internet Program Protocol Specification, September 1981), a three-way handshake must be performed to establish a TCP connection between a client and a server.
More specifically, a connection request (SYN) packet, a connection request acknowledgement (SYN/ACK) packet, and an acknowledgement (ACK) packet must be transmitted and received, in that order, before the client can perform TCP communication with the server.
When the three-way handshake of SYN, SYN/ACK and ACK is completed, the TCP connection is established between the client and the server, which means that the TCP port of the server requested by the client is open for communication.
The conventional TCP state transition diagram shows the state of the TCP stack reached according to the flags of each packet. However, in the conventional state transition the incoming packet is not completely verified, and so abuse of this kind frequently occurs.
That is, attacks abusing the three-way handshake, e.g., DoS attacks such as SYN flooding, may be conducted over the internet.
Meanwhile, the above-described TCP state transitions may or may not all be supported by the operating system installed in the mobile device. In the initial three-way handshake step, the TCP specification proposes no checking procedure covering all TCP state transitions. Therefore, when a SYN flooding attack, used as a TCP-based DoS attack, repeatedly attempts a network connection to a mobile device that is in a sleep state most of the time to save energy, the mobile device transitions to an awake state and consumes energy.
Furthermore, even if a packet transmitted to the mobile device serves no useful purpose, it may repeatedly attempt a connection and wake up the mobile device. In this case, not only are the resources of the wireless link occupied, but the battery power of the mobile device is also wasted.
Disclosure of Invention
Technical problem
The present invention is directed to a method of effectively preventing a denial of service (DoS) attack on a mobile device, where the attack wirelessly and continuously transmits TCP packets to the mobile device, thereby exhausting wireless network resources and the battery power of the battery-dependent mobile device.
Technical scheme
A first aspect of the present invention provides a method for preventing a denial of service (DoS) attack by checking the packet flow transmitted between a base station and a mobile device using the Transmission Control Protocol (TCP), the method comprising the steps of: when the base station transmits a connection request SYN packet for a TCP connection to the mobile device and the mobile device receives the transmitted SYN packet, transmitting a connection request acknowledgement SYN/ACK_1 packet from the mobile device to the base station; when the base station receives the transmitted SYN/ACK_1 packet, transmitting an acknowledgement ACK_2 packet corresponding to the SYN/ACK_1 packet from the base station to the mobile device; when the mobile device receives the transmitted ACK_2 packet, establishing the TCP connection; and, after the TCP connection is established, terminating the established TCP connection when the mobile device receives a packet transmitted from the base station in which the reset RST flag or the connection request SYN flag is set.
Here, when a TCP connection is established and then the mobile device cannot receive any packet within a preset timeout period, it may be determined that the base station has abnormally terminated the TCP connection, so that the mobile device may safely terminate the TCP connection.
The timeout period may be set to 0.5 seconds.
A second aspect of the present invention provides a method for preventing a DoS attack by checking the packet flow transmitted between a base station and a mobile device using the TCP protocol, the method comprising the steps of: when the base station transmits a connection request SYN packet for a TCP connection to the mobile device and the mobile device receives the transmitted SYN packet, transmitting a connection request acknowledgement SYN/ACK_1 packet from the mobile device to the base station; receiving the transmitted SYN/ACK_1 packet at the base station, and transmitting a finish FIN packet from the base station to the mobile device; and terminating the TCP connection when the mobile device receives the transmitted FIN packet.
A third aspect of the present invention provides a method for preventing a DoS attack by checking the packet flow transmitted between a base station and a mobile device using the TCP protocol, the method comprising the steps of: when the base station transmits a connection request SYN packet for a TCP connection to the mobile device and the mobile device receives the transmitted SYN packet, transmitting a connection request acknowledgement SYN/ACK_1 packet from the mobile device to the base station; receiving the transmitted SYN/ACK_1 packet at the base station, and then transmitting an acknowledgement completion ACK_2/FIN packet to the mobile device, in which both the FIN flag and the acknowledgement ACK_2 flag corresponding to the SYN/ACK_1 packet are set; and terminating the TCP connection when the mobile device receives the transmitted ACK_2/FIN packet.
A fourth aspect of the present invention provides a method for preventing a DoS attack by checking the packet flow transmitted between a base station and a mobile device using the TCP protocol, the method comprising the steps of: when the base station transmits a connection request SYN packet for a TCP connection to the mobile device and the mobile device receives the transmitted SYN packet, transmitting a connection request acknowledgement SYN/ACK_1 packet from the mobile device to the base station; receiving the transmitted SYN/ACK_1 packet at the base station, and then transmitting the connection request SYN packet to the mobile device again; and terminating the TCP connection when the mobile device receives the repeated connection request SYN packet.
Here, after transmitting the connection request acknowledgement SYN/ACK _1 packet to the base station, when the mobile device cannot receive any packet within a preset timeout period, it may be determined that the base station has abnormally terminated the TCP connection, so that the mobile device may safely terminate the TCP connection.
The timeout period may be set to 0.5 seconds.
A fifth aspect of the present invention provides a method for preventing a DoS attack by checking the packet flow transmitted between a base station and a mobile device using the TCP protocol, the method comprising the step of: after a TCP connection is established between the base station and the mobile device, when the mobile device transmits a completion/acknowledgement FIN/ACK packet to the base station to normally terminate the TCP connection and then cannot receive an acknowledgement ACK_3 packet from the base station within a preset timeout period, safely terminating the TCP connection.
Here, the timeout period may be set to 0.5 seconds.
A sixth aspect of the present invention provides a recording medium storing a program for executing the above-described method of preventing a TCP-based DoS attack on a mobile device.
Technical effects
According to the proposed method of preventing a Transmission Control Protocol (TCP) -based denial of service (DoS) attack on a mobile device, it is possible to prevent the DoS attack from wasting radio resources and battery power of the mobile device. Furthermore, when a DoS attack attempts to connect through a wireless network, the mobile device can be securely protected at an early stage.
Drawings
Fig. 1 is a general conceptual diagram describing the standard TCP state transition operation;
Fig. 2 is a general conceptual diagram of a model for implementing a method of preventing a Transmission Control Protocol (TCP)-based denial of service (DoS) attack on a mobile device according to an exemplary embodiment of the present invention;
Fig. 3 illustrates the packet flow and TCP state transition operation in the process of normally establishing a TCP connection between a base station and a mobile device;
Fig. 4 illustrates the packet flow and TCP state transition operation in the process of normally terminating a TCP connection between a base station and a mobile device;
Fig. 5 illustrates the packet flow and TCP state transition operation in a first example of an abnormal TCP connection;
Fig. 6 illustrates the packet flow and TCP state transition operation in a second example of an abnormal TCP connection;
Fig. 7 illustrates the packet flow and TCP state transition operation in a third example of an abnormal TCP connection;
Fig. 8 illustrates the packet flow and TCP state transition operation in a fourth example of an abnormal TCP connection; and
Fig. 9 illustrates the packet flow and TCP state transition operation in a fifth example of an abnormal TCP connection.
Detailed Description
Hereinafter, exemplary embodiments of the present invention will be described in detail. However, the present invention is not limited to the exemplary embodiments disclosed below, but may be embodied in various modified forms. The present exemplary embodiments are provided to enable those skilled in the art to make and practice the invention.
First, the present invention may be applied to any case in which a battery-powered mobile device wirelessly receives Transmission Control Protocol (TCP) packets in order to receive a service. The present invention is a protection means applicable to mobile devices such as Personal Digital Assistants (PDAs) and smart phones that use a network capable of carrying TCP services, such as an Evolution-Data Optimized (EVDO) second generation (2G) cellular network or a 3G/4G data-service cellular network; it lies outside the sensor network field, for which a protocol has not yet been determined.
Furthermore, the invention is implemented in the mobile device and inspects and processes resource-consuming TCP packets. Accordingly, the present invention is a method of efficiently managing wireless resources and the resources of the mobile device, and can also be used as a method of securing the mobile device when a denial of service (DoS) attack attempts to connect through the wireless network.
Fig. 2 is a general conceptual diagram of a model for implementing a method of preventing a TCP-based DoS attack on a mobile device according to an exemplary embodiment of the present invention.
Referring to Fig. 2, the entire model for implementing the method for preventing TCP-based DoS attacks on a mobile device according to an exemplary embodiment of the present invention includes five states, 0 to 4, which are connected in various ways according to the packet flows transmitted and received between a base station and a mobile device (e.g., a cellular phone, a PDA, a WebPDA, or another wireless mobile device capable of supporting a TCP network).
Meanwhile, the model applied to the exemplary embodiment of the present invention checks and determines whether the packets transmitted and received for each TCP state transition conform to the TCP specification, while monitoring the packets exchanged between the base station and the mobile device.
That is, the present invention performs the conventional checking function according to the TCP state transition. Thus, at each step it is possible to check which state follows from the flags of the transmitted and received packets, and which flags must be set in a packet received in the current state.
Further, one session passes from the first state 0 through the fifth state 4 and returns to the first state 0 according to all packets input to the mobile device. Using the flags of the packets constituting the session, it is possible to check the order of steps 0 to 4, and whether a packet that should not be input has been received. Here, the first state 0 represents the start and end of one session.
Fig. 3 illustrates packet flow and TCP state transition operations in the process of normally establishing a TCP connection between a base station and a mobile device.
Referring to fig. 2 and 3, when a session is first established between the base station 100 and the mobile device 200, the TCP state of the mobile device 200 is set to a first state 0, which represents the start and end of one session.
Subsequently, the base station 100 transmits a connection request SYN packet, in which the SYN flag is set, to the specific port of the mobile device 200 with which it wishes to connect. When the mobile device 200 checks the reception of the connection request SYN packet transmitted from the base station 100 according to the present invention, the TCP state of the mobile device 200 is changed from the first state 0 to the second state 1.
Then, on the port that received the connection request, the mobile device 200 transmits to the base station 100 a connection request acknowledgement SYN/ACK_1 packet in which the SYN flag and the acknowledgement ACK_1 flag of the mobile device 200 are set. When the mobile device 200 checks the transmission of the SYN/ACK_1 packet to the base station 100 according to the present invention, the TCP state of the mobile device 200 is changed from the second state 1 to the third state 2.
Next, the base station 100 transmits an acknowledgement ACK _2 packet corresponding to the connection request acknowledgement SYN/ACK _1 packet to the mobile device 200. When the mobile device 200 checks the reception of the acknowledgement ACK _2 packet transmitted from the base station 100 according to the present invention, the TCP state of the mobile device 200 is changed from the third state 2 to the fourth state 3, thereby establishing a TCP connection. Thereafter, data transmission may be performed between the base station 100 and the mobile device 200.
When a TCP connection is initially attempted, the TCP packet received by the mobile device 200 must be a connection request SYN packet. Through the three-way handshake, a TCP connection is established with the node that attempted the connection.
Therefore, in response to the connection request SYN packet, the mobile device 200 transmits a connection request acknowledgement SYN/ACK_1 packet and receives an acknowledgement ACK_2 packet in response to it. When this process is fully executed, a TCP connection is established.
The present invention provides a checkpoint for each step from the first state 0 to the fourth state 3 so that the mobile device 200 can check each step of establishing the TCP connection one by one. Since a checkpoint exists at every step from the initial connection request SYN packet to the completion of the three-way handshake, the point at which the process deviates can be detected immediately, and the failure can be handled appropriately.
Fig. 4 illustrates a packet flow and a TCP state transition operation in the process of normally terminating a TCP connection between a base station and a mobile device.
Referring to Figs. 2 and 4, in the fourth state 3, in which a TCP connection is established between the base station 100 and the mobile device 200, the mobile device 200 transmits a completion acknowledgement FIN/ACK_3 packet, in which the FIN flag is set, to the specific port of the base station 100 in order to terminate the TCP connection. Upon receiving the FIN/ACK_3 packet transmitted from the mobile device 200, the base station 100 transmits an acknowledgement ACK_4 packet corresponding to the FIN/ACK_3 packet to the mobile device 200, indicating that the termination of the TCP connection has been recognized.
Here, when the mobile device 200 checks the transmission of the completion acknowledgement FIN/ACK_3 packet to the base station 100 according to the present invention, the TCP state of the mobile device 200 is changed from the fourth state 3 to the fifth state 4.
Next, the base station 100 transmits the acknowledgement ACK_4 packet corresponding to the completion acknowledgement FIN/ACK_3 packet. When the mobile device 200 checks the reception of the ACK_4 packet transmitted from the base station 100 according to the present invention, the TCP state of the mobile device 200 is changed from the fifth state 4 to the first state 0, thereby terminating the TCP connection.
Meanwhile, when the base station 100 terminates the connection early without transmitting the acknowledgement ACK_4 packet in the fifth state 4, a timeout occurs and the mobile device 200 likewise transitions to the first state 0 to terminate the TCP connection.
That is, when the mobile device 200 cannot receive the acknowledgement ACK_4 packet within a preset timeout period (which may be about 0.5 seconds), the TCP state of the mobile device 200 is changed from the fifth state 4 to the first state 0, thereby safely terminating the TCP connection.
A method of preventing a TCP-based DoS attack on a mobile device according to an exemplary embodiment of the present invention will be described in detail below with reference to several examples of abnormal TCP connections.
That is, it is described how the mobile device 200 can detect and cope with a DoS attack using the model applied to the present invention while the attack is in progress. Most DoS attacks that the mobile device 200 can handle in this way are abnormal attempts to establish a TCP connection.
Fig. 5 illustrates packet flow and TCP state transition operations in a first instance of an abnormal TCP connection.
Referring to fig. 2 and 5, when the mobile device 200 checks the reception of the connection request SYN packet transmitted from the base station 100, the TCP state of the mobile device 200 is changed from the first state 0 to the second state 1. Then, when the mobile device 200 checks for transmission of a connection request acknowledgement SYN/ACK _1 packet to the base station 100, the TCP state of the mobile device 200 changes from the second state 1 to the third state 2.
Next, when the mobile device 200 checks the reception of the acknowledgement ACK_2 packet transmitted from the base station 100, the TCP state of the mobile device 200 is changed from the third state 2 to the fourth state 3, thereby establishing a TCP connection.
Thereafter, when the mobile device 200 checks the reception of a packet transmitted from the base station 100 in which the reset RST flag or the connection request SYN flag is set (i.e., a reset or a new connection request), the TCP state of the mobile device 200 is changed directly from the fourth state 3 to the first state 0, thereby safely terminating the TCP connection.
Meanwhile, when the base station 100 abnormally terminates the connection without transmitting any packet in the fourth state 3, a timeout occurs according to the present invention and the mobile device 200 transitions directly to the first state 0 to terminate the TCP connection.
That is, when the mobile device 200 cannot receive any packet within a preset timeout period (which may be about 0.5 seconds), the TCP state of the mobile device 200 is changed directly from the fourth state 3 to the first state 0, thereby safely terminating the TCP connection.
Taking the first example of an abnormal TCP connection as a whole, this case often arises when connection request SYN packets are transmitted continuously to the mobile device 200 over the wireless network. In this case, wireless network resources are wasted and the mobile device 200 remains awake, consuming battery power.
Therefore, when a packet with the reset RST or connection request SYN flag is input after the three-way handshake, it is regarded as an abnormal packet. The mobile device 200 then transitions sequentially from the first state 0 to the fourth state 3 as described above, and then transitions back to the first state 0, so that such packets are no longer accepted.
Fig. 6 illustrates packet flow and TCP state transition operations in a second example of an abnormal TCP connection.
Referring to fig. 2 and 6, when the mobile device 200 checks the reception of the connection request SYN packet transmitted from the base station 100, the TCP state of the mobile device 200 is changed from the first state 0 to the second state 1. Then, when the mobile device 200 checks for transmission of a connection request acknowledgement SYN/ACK _1 packet to the base station 100, the TCP state of the mobile device 200 changes from the second state 1 to the third state 2.
Next, when the mobile device 200 receives a completion FIN packet transmitted from the base station 100, it is determined that the base station 100 has abnormally terminated the connection, and the TCP state of the mobile device 200 is changed directly from the third state 2 to the first state 0, thereby safely terminating the TCP connection.
Meanwhile, when the base station 100 abnormally terminates the connection without transmitting any packet in the third state 2, a timeout occurs and the mobile device 200 likewise transitions directly to the first state 0 to terminate the TCP connection.
That is, when the mobile device 200 cannot receive any packet within a preset timeout period (which may be about 0.5 seconds), the TCP state of the mobile device 200 is changed directly from the third state 2 to the first state 0, thereby safely terminating the TCP connection.
Taking the second example of an abnormal TCP connection as a whole, this is the case in which a completion FIN packet is unexpectedly received during the three-way handshake. At that point the operating system of the mobile device 200 is waiting for an acknowledgement ACK_2 packet to complete the three-way handshake.
When an unexpected completion FIN packet is instead received from the base station 100, a conventional stack leaves the mobile device 200 waiting in an awake state, consuming battery power. Thus, in this case, the mobile device 200 transitions sequentially from the first state 0 to the third state 2 and back to the first state 0, thereby terminating the TCP connection and preventing the waste of resources.
That is, when the TCP state of the mobile device 200 is confirmed to change sequentially from the first state 0 to the third state 2 and back to the first state 0, after which the TCP connection is terminated, the problems of battery consumption and resource allocation are solved.
Fig. 7 illustrates packet flow and TCP state transition operations in a third example of an abnormal TCP connection.
Referring to Figs. 2 and 7, the case is shown in which a FIN packet is transmitted together with the completion of the three-way handshake. First, when the mobile device 200 checks the reception of the connection request SYN packet transmitted from the base station 100, the TCP state of the mobile device 200 is changed from the first state 0 to the second state 1. Then, when the mobile device 200 checks the transmission of a connection request acknowledgement SYN/ACK_1 packet to the base station 100, the TCP state of the mobile device 200 changes from the second state 1 to the third state 2.
Next, the base station 100 may transmit to the mobile device 200 an acknowledgement completion ACK_2/FIN packet in which both the acknowledgement ACK_2 flag corresponding to the SYN/ACK_1 packet and the FIN flag are set. When the mobile device 200 checks the reception of the ACK_2/FIN packet transmitted from the base station 100 according to the present invention, the TCP state of the mobile device 200 is changed directly from the third state 2 to the first state 0, thereby terminating the TCP connection.
Meanwhile, when the base station 100 abnormally terminates the connection without transmitting any packet in the third state 2, a timeout occurs according to the present invention and the mobile device 200 likewise transitions directly to the first state 0 to terminate the TCP connection.
That is, when the mobile device 200 cannot receive any packet within a preset timeout period (which may be about 0.5 seconds), the TCP state of the mobile device 200 is changed directly from the third state 2 to the first state 0, thereby safely terminating the TCP connection.
Fig. 8 shows packet flows and TCP state transition operations in a fourth example of an abnormal TCP connection.
Referring to fig. 2 and 8, when the mobile device 200 checks the reception of the connection request SYN packet transmitted from the base station 100, the TCP state of the mobile device 200 is changed from the first state 0 to the second state 1. Then, when the mobile device 200 checks for transmission of a connection request acknowledgement SYN/ACK _1 packet to the base station 100, the TCP state of the mobile device 200 changes from the second state 1 to the third state 2.
Here, the same base station 100 may repeatedly transmit the same connection request SYN packet to the mobile device 200 while it is in the third state 2. When the mobile device 200 checks the reception of a repeated connection request SYN packet from the same base station 100, the TCP state of the mobile device 200 is changed directly from the third state 2 to the first state 0, thereby safely terminating the TCP connection.
Taking the fourth example of an abnormal TCP connection as a whole, this is the case in which the same connection request SYN packet is transmitted repeatedly during the three-way handshake in order to keep the mobile device 200 in an awake state. According to the method of the present invention, the mobile device 200 transitions sequentially from the first state 0 to the third state 2 and then, upon receiving the repeated connection request SYN packet, transitions back to the first state 0, thereby safely terminating the TCP connection. Therefore, it is possible to effectively prevent the waste of wireless resources and battery power of the mobile device 200.
Fig. 9 shows packet flows and TCP state transition operations in a fifth example of an abnormal TCP connection. In this fifth example, a timeout is caused.
Referring to Figs. 2 and 9, when the mobile device 200 wants to terminate a TCP connection after the TCP connection has been established between the base station 100 and the mobile device 200 (i.e., in the fourth state 3), the mobile device 200 transmits a completion acknowledgement FIN/ACK_3 packet to the base station 100, transitions from the fourth state 3 to the fifth state 4, and waits for an acknowledgement ACK_4 packet from the base station 100. Here, when there is no response within the preset timeout period, the TCP state of the mobile device 200 is changed directly from the fifth state 4 to the first state 0, thereby safely terminating the TCP connection.
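The five-state model of Fig. 2 and the flows of Figs. 3 to 9 described above can be written out as a small session checker. The following Python is an added example and is not code from the patent: the class and function names, the Packet type, the "rx"/"tx" direction labels, and the handling of packets the description does not mention (a non-SYN packet in state 0, a FIN from the base station in state 3) are assumptions of this example, and the packet flows are constructed to mirror the figures rather than captured from a device.

```python
"""Five-state TCP session checker (added example, not code from the patent).
Models the session model of Fig. 2 (states 0 to 4) and the flows of Figs. 3 to 9;
the names, the Packet type and the cases the page leaves open are assumptions."""
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet, List, Optional, Tuple

TIMEOUT_S = 0.5  # timeout period suggested by the description

class State(IntEnum):
    IDLE = 0         # first state 0: start and end of one session
    SYN_RCVD = 1     # second state 1: SYN received from the base station
    SYNACK_SENT = 2  # third state 2: SYN/ACK_1 sent, waiting for ACK_2
    ESTABLISHED = 3  # fourth state 3: three-way handshake completed
    FIN_SENT = 4     # fifth state 4: FIN/ACK_3 sent, waiting for ACK_4

@dataclass(frozen=True)
class Packet:
    t: float               # time in seconds (constructed sample data)
    direction: str         # "rx": from the base station, "tx": from the device
    flags: FrozenSet[str]  # subset of {"SYN", "ACK", "FIN", "RST"}

def pkt(t: float, direction: str, *flags: str) -> Packet:
    return Packet(t, direction, frozenset(flags))

class SessionChecker:
    def __init__(self, timeout: float = TIMEOUT_S) -> None:
        self.timeout, self.state, self.last_event = timeout, State.IDLE, 0.0
        self.trace: List[Tuple[State, str]] = [(State.IDLE, "start")]

    def _move(self, new: State, why: str) -> None:
        self.state = new
        self.trace.append((new, why))

    def tick(self, now: float) -> None:
        # Silence longer than the timeout in any non-idle state counts as an
        # abnormal termination by the base station; the session returns to 0.
        if self.state != State.IDLE and now - self.last_event > self.timeout:
            self._move(State.IDLE, "timeout")

    def on_packet(self, p: Packet) -> None:
        self.tick(p.t)
        f, rx, tx, s = p.flags, p.direction == "rx", p.direction == "tx", self.state
        if s == State.IDLE:
            if rx and f == {"SYN"}:  # a session must begin with a SYN; others dropped
                self._move(State.SYN_RCVD, "rx SYN")
        elif s == State.SYN_RCVD:
            if tx and f == {"SYN", "ACK"}:
                self._move(State.SYNACK_SENT, "tx SYN/ACK_1")
            else:  # assumption: any other packet here is abnormal
                self._move(State.IDLE, "abnormal packet in state 1")
        elif s == State.SYNACK_SENT:
            if rx and "SYN" in f:
                self._move(State.IDLE, "repeated SYN (Fig. 8)")
            elif rx and "FIN" in f:
                self._move(State.IDLE, "FIN or ACK_2/FIN (Figs. 6, 7)")
            elif rx and f == {"ACK"}:
                self._move(State.ESTABLISHED, "rx ACK_2, established")
            else:  # RST or any other unexpected packet (assumption)
                self._move(State.IDLE, "abnormal packet in state 2")
        elif s == State.ESTABLISHED:
            if rx and ("RST" in f or "SYN" in f):
                self._move(State.IDLE, "RST/SYN after handshake (Fig. 5)")
            elif tx and "FIN" in f:
                self._move(State.FIN_SENT, "tx FIN/ACK_3")
            elif rx and "FIN" in f:  # passive close: assumption, not on the page
                self._move(State.IDLE, "rx FIN from base station")
            else:
                self.trace.append((s, "data"))  # ordinary traffic keeps state 3
        elif s == State.FIN_SENT and rx and "ACK" in f:
            self._move(State.IDLE, "rx ACK_4, closed")
        self.last_event = p.t

def states_visited(packets: List[Packet], final_tick: Optional[float] = None) -> List[int]:
    """Replay a constructed flow and return the numbered states it visits."""
    c = SessionChecker()
    for p in packets:
        c.on_packet(p)
    if final_tick is not None:
        c.tick(final_tick)
    return [int(s) for s, _ in c.trace]

# Constructed packet flows mirroring the figures, not captures from a device.
HANDSHAKE = [pkt(0.00, "rx", "SYN"), pkt(0.01, "tx", "SYN", "ACK"), pkt(0.02, "rx", "ACK")]
HALF_OPEN = HANDSHAKE[:2]
SCENARIOS = {  # name -> (packets, time of a final idle check or None)
    "normal (Figs. 3, 4)": (HANDSHAKE + [pkt(0.10, "rx", "ACK"), pkt(0.20, "tx", "FIN", "ACK"), pkt(0.21, "rx", "ACK")], None),
    "RST/SYN after handshake (Fig. 5)": (HANDSHAKE + [pkt(0.03, "rx", "RST", "SYN")], None),
    "silent base station after handshake (Fig. 5)": (HANDSHAKE, 0.60),
    "FIN during handshake (Fig. 6)": (HALF_OPEN + [pkt(0.02, "rx", "FIN")], None),
    "ACK_2/FIN during handshake (Fig. 7)": (HALF_OPEN + [pkt(0.02, "rx", "ACK", "FIN")], None),
    "repeated SYN (Fig. 8)": (HALF_OPEN + [pkt(0.02, "rx", "SYN")], None),
    "no ACK_4 after FIN (Fig. 9)": (HANDSHAKE + [pkt(0.20, "tx", "FIN", "ACK")], 1.00),
    "SYN flood, two cycles": (HALF_OPEN + [pkt(0.02, "rx", "SYN"), pkt(0.03, "rx", "SYN"),
        pkt(0.04, "tx", "SYN", "ACK"), pkt(0.05, "rx", "SYN")], None),
}

if __name__ == "__main__":
    for name, (flow, final) in SCENARIOS.items():
        print(f"{name:46s} {states_visited(flow, final)}")
```

Running the block prints the numbered states each flow visits; every abnormal flow returns to state 0 instead of staying in state 2 or 3, which is the whole point of the model. Two caveats a practitioner would want: the 0.5 second silence timeout that the first aspect applies to an established connection (the "silent base station" flow) would also tear down any legitimate idle session, since real stacks keep established connections open for minutes without traffic, so a deployment needs a much longer idle timer in state 3 than in the handshake states; and the checker only limits how far the device's TCP stack follows an attacker's packets, it cannot stop the radio from being woken by them in the first place.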
Meanwhile, a method of preventing a TCP-based DoS attack on a mobile device according to an exemplary embodiment of the present invention may be stored as computer code in a computer-readable recording medium. The computer-readable recording medium may be any recording apparatus that stores data readable by a computer system.
For example, the computer-readable recording medium may be a read-only memory (ROM), a random-access memory (RAM), a compact disc read-only memory (CD-ROM), a magnetic tape, a hard disk, a floppy disk, a removable storage device, a non-volatile memory (flash memory), an optical data storage device, and the like. The computer-readable recording medium may also be a carrier wave transmitted through the internet, for example.
Further, the computer-readable recording medium may be distributed among computer systems connected via a communication network and store code that can be read and executed in a distributed manner.
While the invention has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (7)
1. A method for preventing a denial of service (DoS) attack by checking a packet flow transmitted between a base station and a mobile device using a Transmission Control Protocol (TCP), the method comprising the steps of:
transmitting, at the mobile device, a connection request acknowledgement (SYN/ACK_1) packet to the base station when the base station transmits a connection request (SYN) packet of a TCP connection to the mobile device and the mobile device receives the transmitted connection request (SYN) packet;
transmitting, at the base station, an acknowledgement (ACK_2) packet corresponding to the connection request acknowledgement (SYN/ACK_1) packet to the mobile device when receiving the transmitted connection request acknowledgement (SYN/ACK_1) packet;
establishing the TCP connection when the mobile device receives the transmitted acknowledgement (ACK_2) packet; and
terminating the established TCP connection when, after the TCP connection is established, the mobile device receives a packet transmitted from the base station in which the reset (RST) or connection request (SYN) flag is set.
2. The method of claim 1, wherein when the TCP connection is established and the mobile device then cannot receive any packet within a preset timeout period, it is determined that the base station has abnormally terminated the TCP connection, and the mobile device terminates the TCP connection.
3. The method of claim 1, further comprising the step of:
after transmitting the connection request acknowledgement (SYN/ACK_1) packet to the base station, terminating the TCP connection when the mobile device receives a transmitted completion (FIN) packet.
4. The method of claim 1, further comprising the step of:
after transmitting the connection request acknowledgement (SYN/ACK_1) packet to the base station, terminating the TCP connection when the mobile device receives a transmitted acknowledgement/completion (ACK_2/FIN) packet.
5. The method of claim 1, further comprising the step of:
after transmitting the connection request acknowledgement (SYN/ACK_1) packet to the base station, terminating the TCP connection when the mobile device receives a transmitted connection request (SYN) packet.
6. The method according to any one of claims 3 to 5, wherein when the mobile device cannot receive any packet within a preset timeout period after transmitting the connection request acknowledgement (SYN/ACK_1) packet to the base station, it is determined that the base station has abnormally terminated the TCP connection, and the mobile device terminates the TCP connection.
7. The method of claim 1, further comprising the step of:
terminating the TCP connection when the mobile device, after the TCP connection is established between the base station and the mobile device, transmits a completion/acknowledgement (FIN/ACK) packet to the base station to normally terminate the TCP connection and then cannot receive an acknowledgement (ACK_3) packet from the base station within a preset timeout period.
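The transitions claimed above, together with the abnormal-connection examples in the description, amount to a small state machine on the mobile device. The following is an added example, not code from the patent: the state names (LISTEN, SYN_RCVD, ESTABLISHED, FIN_WAIT) are my own labels for the patent's first to fifth states, the timeout value is an assumed placeholder, and packets are modelled as sets of flag names.

```python
from dataclasses import dataclass, field

# Own labels for the patent's numbered states (assumed mapping, not from the patent).
LISTEN, SYN_RCVD, ESTABLISHED, FIN_WAIT = "LISTEN", "SYN_RCVD", "ESTABLISHED", "FIN_WAIT"

@dataclass
class MobileTcpGuard:
    timeout: float = 5.0                      # preset timeout period (assumed value)
    state: str = LISTEN
    last_rx: float = 0.0                      # time of the last packet from the base station
    sent: list = field(default_factory=list)  # packets the mobile device transmitted
    terminated: int = 0                       # connections returned to the first state 0

    def _terminate(self, reason):
        self.state = LISTEN                   # back to the first state 0
        self.terminated += 1
        return reason

    def on_packet(self, flags, now):
        """flags: set of TCP flag names in a packet received from the base station."""
        self.last_rx = now
        if self.state == LISTEN and "SYN" in flags:           # claim 1: answer with SYN/ACK_1
            self.sent.append("SYN/ACK_1")
            self.state = SYN_RCVD
            return "syn-ack sent"
        if self.state == SYN_RCVD:
            if "FIN" in flags or "SYN" in flags:                # claims 3-5: FIN, ACK_2/FIN or SYN
                return self._terminate("abnormal handshake")
            if "ACK" in flags:                                  # claim 1: ACK_2 completes handshake
                self.state = ESTABLISHED
                return "established"
        if self.state == ESTABLISHED and ("RST" in flags or "SYN" in flags):  # claim 1
            return self._terminate("rst/syn after establish")
        if self.state == FIN_WAIT and "ACK" in flags:           # ACK_3: normal close completes
            return self._terminate("closed")
        return "ignored"

    def close(self, now):
        """Mobile device starts a normal close by sending FIN/ACK (claim 7)."""
        if self.state == ESTABLISHED:
            self.sent.append("FIN/ACK")
            self.state = FIN_WAIT
            self.last_rx = now

    def tick(self, now):
        """Apply the preset timeout in any waiting state (claims 2, 6 and 7)."""
        if self.state != LISTEN and now - self.last_rx > self.timeout:
            return self._terminate("timeout")
        return "alive"
```

Driving the guard with a repeated SYN reproduces the fourth example (the connection is dropped and the device returns to state 0), while letting the clock run without traffic exercises the timeout paths of claims 2, 6 and 7.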
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR10-2007-0079637 | 2007-08-08 | ||
| KR1020070079637A KR100889670B1 (en) | 2007-08-08 | 2007-08-08 | How to block TCP-based denial of service attacks on mobile devices |
| PCT/KR2007/004440 WO2009020255A1 (en) | 2007-08-08 | 2007-09-14 | Method of preventing tcp-based denial-of-service attacks on mobile devices |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1146168A1 HK1146168A1 (en) | 2011-05-13 |
| HK1146168B true HK1146168B (en) | 2013-08-09 |