ABSTRACT

The main goal of this paper is to design and implement a secured system against Server hijacking, which leads to Denial of Service (DoS) [5] attacks. This system uses more than one server for providing security. But only one server will be active at a time. The inactive servers act as Roaming Honeypots[9]. The source address of any request that hits a honeypot is recorded and all its future requests are dropped. Thus this system acts as an Intrusion Detection System (IDS). It is impossible to identify the active servers and the honeypots at a given moment even if attackers obtain the identities of all servers. Moreover the UDP/TCP port number used by the server varies as a function of time and a shared secret between the server and the client. This mechanism simplifies both the detection and filtering of malicious packets and it does not require any change to existing protocols. This port hopping[10] or roaming port technique is compatible with the UDP and TCP protocols. This system can be implemented in real time successfully.