Mitigation of TCP-SYN Attacks with Microsoft's Windows XP Service Pack2 (SP2) Software

Abstract

TCP-SYN attack is one of the commonly used DDoS attacks aimed at bringing down a computer system connected to Internet. There has been an increased targeting of Windows end-users and servers. The attackers and intruders are leveraging easily identifiable network blocks to target and exploit Windows end-user servers and computer systems. In order to provide some level of security and protection against security attacks, the Microsoft's Windows XP operating systems were designed with an additional level of security. The initial Microsoft's windows XP without service pack2 (SP2) provided windows firewall with some security features. The later version of Microsoft's windows XP with SP2 intends to provide enhanced security features to prevent and mitigate the adverse effect of security attacks on the host computer systems. In this experimental paper, we set out to conduct real TCP-SYN attacks on computer systems in a controlled lab environment and measure the effectiveness of Microsoft's windows XP without SP2, and with SP2 in preventing TCP-SYN attacks. The Windows firewall (without SP2) was found to be not effective against the TCP-SYN attacks. However, the later version of Microsoft's Windows XP with SP2 was found to significantly help mitigate the adverse effect of the TCP SYN attacks on Windows based computer systems.