Purpose of the Group
Since September 1996, the SYN flood attack has been encountered on the Internet. The problem with this attack is that it takes advantage of limitations in the TCP protocol itself. In its present form, it is extremely difficult to trace an attack back to its originating machine, and because it involves very little cost to the attacker, it is a serious threat to targeted Internet Service Providers. The group is working on methods to prevent this attack as well as solutions for the present.
Current Status
Over the last 3 months we have developed an active monitoring tool that tries to classify observed IP addresses into known good addresses, known bad addresses, and addresses the tool has no knowledge of. The tool is active, which means that it monitors connections in real time and either completes them or disconnects them. A paper and a technical report are nearly ready, and we hope to publish them at conferences.
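A minimal sketch of the three-way address classification described above, added here as an illustration; it is not the group's tool. The timeout, the action names, and the rule that a handshake left unacknowledged marks its source as bad are all assumptions, and the trace is constructed from documentation address ranges.

```python
from enum import Enum

class State(Enum):
    UNKNOWN = "no knowledge"
    GOOD = "known good"
    BAD = "known bad"

class Monitor:
    """Toy address classifier. Timeout and per-state actions are assumptions."""
    def __init__(self, timeout=5.0):
        self.timeout = timeout
        self.state = {}    # source address -> State
        self.pending = {}  # (source, port) -> time its SYN was observed

    def classify(self, src):
        return self.state.get(src, State.UNKNOWN)

    def expire(self, now):
        """Mark sources whose handshake stayed half-open too long as BAD."""
        for key, seen in list(self.pending.items()):
            if now - seen > self.timeout:
                del self.pending[key]
                self.state[key[0]] = State.BAD

    def on_syn(self, now, src, port):
        self.expire(now)
        verdict = self.classify(src)
        if verdict is State.BAD:
            return "disconnect"            # reset the half-open connection
        self.pending[(src, port)] = now    # keep watching for the final ACK
        return "pass" if verdict is State.GOOD else "complete"

    def on_ack(self, now, src, port):
        self.expire(now)
        if self.pending.pop((src, port), None) is not None:
            self.state[src] = State.GOOD   # the client finished its handshake
        return "pass"

# Constructed sample trace: (time, packet kind, source address, source port).
EVENTS = [
    (0.0, "syn", "192.0.2.10", 4000), (0.2, "ack", "192.0.2.10", 4000),
    (1.0, "syn", "198.51.100.7", 5000),   # never acknowledged
    (7.0, "syn", "192.0.2.10", 4001), (7.1, "ack", "192.0.2.10", 4001),
    (8.0, "syn", "198.51.100.7", 5001),
]

def replay(events, timeout=5.0):
    mon = Monitor(timeout)
    actions = [getattr(mon, "on_" + kind)(t, src, port) for t, kind, src, port in events]
    return mon, actions

if __name__ == "__main__":
    mon, actions = replay(EVENTS)
    print(actions, mon.classify("198.51.100.7"))
```
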
Members of the Group
The SYNKILL Group is composed of the following COAST students and faculty:
- Eugene Spafford, Director
- Ivan Krsul, Graduate Student
- Markus Kuhn, Graduate Student
- Christoph Schuba, Graduate Student
- Aurobindo Sundaram, Graduate Student
- Diego Zamboni, Graduate Student
The SYNKILL Group