The SYNKILL Group is composed of a number of students and faculty within the COAST Laboratory at Purdue University who worked on a solution to the SYN flood attacks on the Internet.

Purpose of the Group

Since September 1996, the SYN flood attack has been encountered on the Internet. The problems with this attack are that it takes advantages of limitations in the TCP protocol itself. In its present form, it is extremely difficult to trace an attack back to its originating machine, and the fact that it involves very little cost to the attacker means that it is a serious threat to targeted Internet Service Providers. The group is working on methods to prevent this attack as well as solutions for the present.

Related Information

Current Status

We have developed, over the last 3 months, an active monitoring tool that tries to classify observed IP addresses into known good addresses, known bad addresses and addresses the tool has no knowledge of. The tool is an active tool, which means that it actively monitors connections in realtime and completes them or disconnects them. A paper and a technical report are nearly ready and we hope to publish them at conferences.


Members of the Group

The SYNKILL Group is composed of the following COAST students and faculty:

  • Eugene Spafford, Director
  • Ivan Krsul, Graduate Student
  • Markus Kuhn, Graduate Student
  • Christoph Schuba, Graduate Student
  • Aurobindo Sundaram, Graduate Student
  • Diego Zamboni, Graduate Student