Low-Rate TCP-Targeted Denial of Service Attacks

Aleksandar Kuzmanovic*, Edward W. Knightly

*Corresponding author for this work

Research output: Contribution to journalConference articlepeer-review

236 Scopus citations


Denial of Service attacks are presenting an increasing threat to the global inter-networking infrastructure. While TCP's congestion control algorithm is highly robust to diverse network conditions, its implicit assumption of end-system cooperation results in a well-known vulnerability to attack by high-rate non-responsive flows. In this paper, we investigate a class of low-rate denial of service attacks which, unlike high-rate attacks, are difficult for routers and counter-DoS mechanisms to detect. Using a combination of analytical modeling, simulations, and Internet experiments, we show that maliciously chosen low-rate DoS traffic patterns that exploit TCP's retransmission time-out mechanism can throttle TCP flows to a small fraction of their ideal rate while eluding detection. Moreover, as such attacks exploit protocol homogeneity, we study fundamental limits of the ability of a class of randomized time-out mechanisms to thwart such low-rate DoS attacks.

Original languageEnglish (US)
Pages (from-to)75-86
Number of pages12
JournalComputer Communication Review
Issue number4
StatePublished - Oct 2003
EventProceedings of ACM SIGCOMM 2003: Conference on Computer Communications - Karlsruhe, Germany
Duration: Aug 25 2003Aug 29 2003


  • Denial of Service
  • Retransmission timeout
  • TCP

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Low-Rate TCP-Targeted Denial of Service Attacks'. Together they form a unique fingerprint.

Cite this