
Evaluation of Microsoft Windows Servers 2008 & 2003 against Cyber Attacks

DOI: 10.4236/jis.2015.62016, PP. 155-160

Keywords: Cyber Warfare, Distributed Denial of Service Attacks, TCP/SYN Flood, Processor Resource Exhaustion, Memory Resource Exhaustion


Abstract:

Distributed Denial of Service (DDoS) attacks are known to compromise the availability of information systems today. Widely deployed Microsoft Windows 2003 & 2008 servers provide some built-in protection against common DDoS attacks, such as the TCP/SYN attack. In this paper, we evaluate the performance of the built-in protection capabilities of Windows Server 2003 & 2008 against a special case of TCP/SYN-based DDoS attack. Based on our measurements, the built-in security features available by default on Microsoft’s Windows servers were not sufficient to defend against TCP/SYN attacks, even at low-intensity attack traffic. Under TCP/SYN attack traffic, the Windows 2003 server was found to crash due to processor resource exhaustion, whereas the 2008 server was found to crash due to memory resource depletion, even at low-intensity attack traffic.

