METHOD AND DEVICE FOR CATEGORIZING A STREAM CONTROL TRANSMISSION PROTOCOL (SCTP) RECEIVER TERMINAL AS A MALICIOUS SCTP RECEIVER TERMINAL

摘要

A method and a device are provided for categorizing a Stream Control Transmission Protocol (SCTP) receiver terminal (120) as a malicious SCTP receiver terminal, which generates spoofed optimistic SCTP selective acknowledgement (SACK) packet for exploiting a SCTP transmitter terminal as a flood source for Denial-of-Service attacks. The SCTP receiver terminal (120) generates data enriched SCTP SACK packets (170). Each data enriched SCTP SACK packet comprises a cumulative payload essence of all successfully received data packets (200). The SCTP transmitter terminal (110) performs a data enriched SACK validation in which it computes the cumulative payload essence of all successfully transmitted data packets (200), and compares the computed value with the cumulative payload essence contained in the received data enriched SACK. The SCTP transmitter terminal detects a spoofed optimistic SACK packet if the comparison results in a difference.

主权项

1. A method for categorizing a Stream Control Transmission Protocol (SCTP) receiver terminal as a malicious SCTP receiver terminal generating spoofed optimistic SCTP selective acknowledgement (SACK) packet, comprising:
(a) receiving, by a transceiver of a SCTP receiver terminal, a SCTP data packet containing a data chunk within a SCTP association; (b) generating, by a processor of the SCTP receiver terminal, a data enriched SCTP SACK packet, the data enriched SCTP SACK packet comprising a cumulative payload essence of all data chunks successfully received within the SCTP association; and (c) transmitting, by the transceiver of the SCTP receiver terminal, the data enriched SCTP SACK packet for enabling categorization of the SCTP receiver terminal as a malicious SCTP receiver terminal.