TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC


  • I Putu Agus Eka Pratama Department of Information Technology, Faculty of Engineering, Udayana University, Bali, Indonesia



TCP SYN Flood, Denial of Service (DoS), Configserver Security and Firewall (CSF), Stateful Packet Inspection (SPI), Proof of Concept (PoC)


TCP SYN Flood as one kind of Denial of Service (DoS) attack, still popular to flood the server connection, by sending SYN packets to the target. Because of the risk caused by this attack, there is a need for a network security mechanism. In this paper, one of the security mechanisms proposed is using Stateful Packet Inspection (SPI) method on Configserver Security and Firewall (CSF). By using SPI method, CSF has capabilities to responsible for separating packets of data, that may be entered with data packets that should not be entered into the server. For example: port to be opened, port closed, and IP Address that may access the server for anywhere. This paper combines both of CSF and SPI method to prevent TCP SYN Flood (DoS) with Proof of Concept (PoC) at the Linux operating system. The security process is done in 3 ways: configuring a maximum connection from an IP Address to a server, securing an incoming SYN packet per second, and counting how many times an IP Address violates the minimum SYN packet rule per second before being blocked by a firewall.


Download data is not yet available.


A.A. Zabar and F. Novianto, Keamanan HTTP dan HTTPS Berbasis Web Menggunakan Sistem Operasi Kali Linux," Jurnal Ilmiah Komputer dan Informatika (KOMPUTA) Vol.4 No.2, 2015.

F. Komariyah1 and H. Argyawati, "Implementasi Server Cluster Hight Availability Pada Web Server Dengan Sistem Operasi Turnkey Linux Menggunakan Heartbeat," Jurnal Penelitian Ilmu Komputer, System Embedded and Logic 4(2):78-88, 2016.

S.Q. Mir, "Investigating the Denial of Service Attack: A Major Threat to Internet and the Security of Information," JK Research Journal in Mathematics and Computer Sciences, Vol.(1) No.(1), 2018.

M. Bogdanoski, "TCP-SYN Flooding Attack in Wireless Networks," 2012 International Conference Innovations on Communication Theory (INCT), 2012.

D. Kshirsagara, et al., "CPU Load Analysis and Minimization for TCP SYN Flood Detection,", 2016 International Conference on Computational Modeling and Security (CMS), pp. 626 - 633, 2016.

M.E. Manna and A. Amphawan, "Review of SYN Flooding Attack Detection Mechanism," International Journal of Distributed and Parallel Systems (IJDPS) Vol.3, No.1, January 2012.

M.Bogdanoski, et al., "Analysis of the SYN Flood DoS Attack," International Journal of Computer Network and Information Security (IJCNIS), Vol.8, pp.1-11, 2013.

J.J Siregar, "Analysis Eksploitasi Keamanan Web Denial of Service Attack," ComTech Journal BINUS, Vol.4 No.2, 2013.

H. Polat, et al., "Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models," MDPI Journal Sustainability, 2020.

A. Fadil, et, al, "A Novel DDoS Attack Detection Based on Gaussian Naive Bayes," Bulletin of Electrical Engineering and Informatics, Vol.6, No.2, pp.140-148, 2017.

P. Prajapati, et al., "A Review of Recent Detection Methods for HTTP DDoS Attacks," International Journal of Scientific and Technology Research, Vol.8, Issue 12, 2019.

Z. Gavric, et al., "Overview of DOS attacks on wire-less sensor networks and experimental results for simulation of interference attacks," Ingeniería e Investigacion, 38(1), 130-138, 2018.

J. Vinnarasi, "Security Solution for SDN Using Host-Based IDSs Over DDoS Attack," International Journal of Emerging Technology and Innovative Engineering, Volume 5, Issue 9, 2019.

M. Poongothai, et al., "Simulation and Analysis of DDoS Attacks," 2012 International Conference on Emerging Trends in Science, Engineering and Technology (INCOSET), 2012.

G.A. Jaafar, et al., "Review of Recent Detection Methods for HTTP DDoS Attack," Hindawi Journal of Computer Networks and Communications, 2019.

E. Alomari, et al., "Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art," International Journal of Computer Applications, Volume 49-No.7, 2012.

T. Mahjabin, et al., "A Survey of Distributed Denial-of-Service Attack, Prevention, and Mitigation Techniques," Journal Sage Pub Volume: 13 issue: 12, 2017.

A.D. Keromytis, et al., "SOS : An Architecture For Mitigating DDoS Attacks," Journal on Selected Areas in Communications,Vol.21,2013.

M. Masdari, and M. Jalali, "A Survey and Taxonomy of DoS Attacks in Cloud Computing," Security and Communication Networks, 2016.

K. Hong, et al., "SDN-Assisted Slow HTTP DDoS Attack Defense Method," IEEE Communications Letters Volume: 22 , Issue: 4 , 2018.

F. Shaar and A. Efe, "DDoS Attacks and Impacts on Various Cloud Computing Components," International Journal of Information Security Science, Vol.7, No.1, 2018.

J. Cheng, et al., "Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning," Hindawi Security and Communication Networks, 2018.

T.Nathiya, "Reducing DDOS Attack Techniques in Cloud Computing Network Technology," International Journal of Innovative Research in Applied Sciences and Engineering (IJIRASE) Vol.1(3), 2017.

N.N. Dao, et al., "Adaptive Suspicious Prevention for Defending DoS Attacks in SDN-Based Convergent Networks," PLOS journal, 2016.

N. Nelmiawati, et al., "Rancang Bangun Lab Komputer Virtual Berbasis Cloud Computing Menggunakan Openstack Pada Jaringan Terpusat," JAIC, vol.2, no.1, pp.11-17, 2018.

L.B. Christensen, "Experimental Methodology, 10th Edition," Willey. 2012.




How to Cite

Pratama, I. P. A. E. . (2020). TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC. Bulletin of Computer Science and Electrical Engineering, 1(2), 63–72.