TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC

Abstract

TCP SYN Flood as one kind of Denial of Service (DoS) attack, still popular to flood the server connection, by sending SYN packets to the target. Because of the risk caused by this attack, there is a need for a network security mechanism. In this paper, one of the security mechanisms proposed is using Stateful Packet Inspection (SPI) method on Configserver Security and Firewall (CSF). By using SPI method, CSF has capabilities to responsible for separating packets of data, that may be entered with data packets that should not be entered into the server. For example: port to be opened, port closed, and IP Address that may access the server for anywhere. This paper combines both of CSF and SPI method to prevent TCP SYN Flood (DoS) with Proof of Concept (PoC) at the Linux operating system. The security process is done in 3 ways: configuring a maximum connection from an IP Address to a server, securing an incoming SYN packet per second, and counting how many times an IP Address violates the minimum SYN packet rule per second before being blocked by a firewall.