In this paper we experimentally analyse various dynamic timeout adjustment strategies in server queues as potential counter-measures against degradation of service attacks. Previous theoretical work studied the relative performance of both coarse-grained threshold-based timeout and fine-grained adjustment strategies where the timeout value is adjusted as the number of connections in the queue varies. In addition, two methods for removing timed-out connections were explored: the deterministic method where the expiry time is determined at connection arrival depending on the timeout value at that moment, and the deferred method where connections are continuously polled and flushed when the time-in-queue is larger than the current timeout value. We report on experiments performed on a lab network where these strategies were tested against various configuration and attack parameters. The experimental results confirm the conclusions previously obtained from mathematical modelling and simu...
Daniel Boteanu, Edouard Reich, José M. Fern
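
The two removal methods described in the abstract can be compared on a small bounded queue. The sketch below is an added example, not code from the paper: the linear timeout policy, the capacity and timeout values, the polling at each arrival and the constructed 30-second burst are all assumptions made for illustration.

```python
# Added illustration; the linear policy and all parameters are assumptions.
def timeout_for(queue_len, capacity=4, t_max=20, t_min=4):
    """Fine-grained adjustment (assumed linear): the timeout shrinks
    from t_max (empty queue) to t_min (full queue)."""
    return t_max - (t_max - t_min) * min(queue_len, capacity) // capacity


def simulate(arrivals, method, capacity=4):
    """Feed connections that never complete into a bounded queue.

    deterministic: expiry is fixed at arrival from the timeout at that moment.
    deferred: time-in-queue is compared against the *current* timeout
              (polling is modelled at each arrival, a simplification).
    Returns (accepted, refused)."""
    if method not in ("deterministic", "deferred"):
        raise ValueError("unknown method: %r" % method)
    queue = []  # deterministic: expiry times; deferred: arrival times
    accepted = refused = 0
    for now in arrivals:
        if method == "deterministic":
            # Flush entries whose precomputed expiry has passed.
            queue = [exp for exp in queue if exp >= now]
        else:
            # Flush entries older than the timeout implied by the current load.
            current = timeout_for(len(queue), capacity)
            queue = [arr for arr in queue if now - arr <= current]
        if len(queue) >= capacity:
            refused += 1  # queue full: the new connection is turned away
            continue
        accepted += 1
        if method == "deterministic":
            queue.append(now + timeout_for(len(queue), capacity))
        else:
            queue.append(now)
    return accepted, refused


# Constructed input: one never-completing connection per second for 30 s.
BURST = list(range(30))

if __name__ == "__main__":
    for m in ("deterministic", "deferred"):
        print(m, simulate(BURST, m))
```

In this constructed run the deterministic queue keeps the long expiry times it assigned while it was still nearly empty, whereas the deferred queue re-evaluates old entries against the shorter timeout once it fills.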