International Journal of Computer Science Research & Technology (IJCSRT)
ISSN: 2321-8827
Different Types Of Port-Hopping Methods Used To Prevent Ddos Attacks
Treesa Nice P. A.1, Amitha Mathew2
Dept. of Computer Science and Engineering
Rajagiri School of Engineering and Technology
Abstract—This paper contains different types of port-hopping
methods used for preventing Distributed Denial of Service
(DDoS) Attacks. Port-hopping is an efficient way to mitigate
the DDoS attacks. There are bandwidth based attacks,
application level attacks, protocol based attacks etc. Port-
hopping can be used to effectively mitigate application level
DDoS attacks.
Keywords-dos, ddos, attacks, mitigation, port-hopping.
I. INTRODUCTION
Now a day, the attackers are increasing to a greater
extent. They will find out new ways or methods for
attacking. If a new attack is found out, then some mitigation
methods also being found out by experts. These methods will
provide security to some extent. But this will not be a
T
complete solution. At that time a new type of attack may be
SR
launched. Then it will be very difficult to get dealt with this.
Denial of Service attack is one type of attack. This will
prevent the legitimate or legal user from getting a service
from the server. DoS attack is a dangerous type of attack. If
IJC
the attack is from a group of attacker, it will be very difficult
to prevent attack. This type of attack is known as Distributed
Denial of Service attack. The most common type of DoS
attack is bandwidth based attacks. Here, the network will be
flooded with unnecessary packets. Then the legitimate user
cannot reach the server and get the service. This attack can
be identified by considering the huge increase in the
bandwidth. Then prevention methods or correction methods
can be used. Filtering methods can be used to prevent
bandwidth based or volumetric or network flooding attacks.
Suppose the attack is meant for a single application. Then
the bandwidth will not get increased to a greater extent.
Here, filtering methods cannot be used to mitigate or prevent
the application level attacks. A new method should be used
to mitigate the application level DDoS attacks. Port-Hopping
is an efficient way to mitigate the application level DDoS
attacks.
Different ports will be used to transfer data both in the
server side and client side. If the port number is known to the
attacker, then it will be easy for him to launch a directed
attack. In order to avoid that, port-hopping can be used. In
simple way, port-hopping means changing the port number.
Then the attacker cannot know the port number and cannot
launch a directed attack. Even if the attacker gets the port
number, the port number may be changed b that time. Then
the attacker cannot launch a directed attack. There are
different types of port-hopping methods present. In this
IJCSRTV1IS050035 www.ijcsrt.org
Vol. 1 Issue 5, October - 2013
paper, different types of port-hopping methods are being
discussed.
The paper is organized as follows. In Section II, the
pseudo random number generation port-hopping is being
described. Then in Section III, the acknowledgement based
port hopping method is being discussed. And in section IV,
true random number generation port hopping is also
discussed. Section V concludes the discussion.
II. PSEUDO RANDOM NUMBER GENERATION PORT
HOPPING
Pseudo Random Number Generation methods are
algorithms that use some mathematical formulae or
equations to create number sequences that appear randomly.
Now the algorithms for generating pseudo-random numbers
are generating the numbers which look exactly similar as
they were really random. Here, the port number of the server
will be changed dynamically as a function of time [3]. The
time will be divided into discrete time slots Ti, where i = {0,
1, 2....}, each of a given duration t. Then in different time
slots, different port numbers are being used. Let Pi represents
the port number used by the server in time slot Ti. Then Pi is
determined by using a pseudo random function which is
known only to the server and the client. Besides that, the
server and client will use a seed which also is known only to
the server and the client. Here a cryptographic key also can
be used to increase the security of the data transfer. This key
will not be known to the attacker. Then it will be difficult for
him to decrypt and understand the data. The port can be
calculated by using the equation Pi = f (i, k). When a client
wants to communicate with the server, it will send contact
initiation message to the server. If the server is ready to grant
the request, it will send the reply message to the client which
also contains a seed. Using this seed and the pseudo random
function, the client will calculate the next port to which data
is to be sent or the next port which will be opened at the
server for receiving the data from the client. After the
corresponding time period, the client will send the data to the
new port number. Then the attacker will not know the
current port number which is used for communication
because the port number will be changed dynamically by
using the pseudo random function and the seed. So, if the
server receives packets with a different port number, it will
reject that packet without any further inspection. Because of
this reason, the computational resources which are needed to
detect and reject the malicious data packets are reduced.
One problem in this method is that the clocks of the
server and client will be different. So no time
36

synchronization will be there. Then it is possible that the data
may be sent to the port which is not yet opened or a port
which is closed depending on whether client’s clock is faster
or slower than that of the server. In this case a clock drift
from the server’s clock is calculated for each client by taking
the ratio of the value of the client’s clock divided by the
value of the server’s clock. Then in the next time slot the
data will be sent to the previous port and to the next port for
a small amount of time. Then no time synchronization is
needed in this case. This is an effective way to prevent the
DDoS attack in the application level as the port number
changes dynamically. Then it is difficult for the attacker to
launch a directed attack. Even if the attacker launches a blind
attack and wins in calculating the current port number, then
also it will be difficult to understand the data because the
data is encrypted using a cryptographic key which is known
only to the server and the client.
There are some disadvantages for this method. It will
generate random numbers based on mathematical formulae
or functions. Because of this, the attacker can easily predict
the random numbers used for calculating the new port
number. This is deterministic means that the same sequence
of numbers can be reproduced later if the starting point in the
sequence is known. This method is periodic because the
sequence will sooner or later repeat at any point itself.
III. ACKNOWLEDGEMENT BASED PORT HOPPING
T for helping me in doing this paper. Last but not least, I am
In acknowledgement based port hopping [2], the ports
SR
will be changed after getting the acknowledgement from the
server. First the client will send the data to the server using
the current port which is opened at a specific time. After
IJC
receiving the data packet, the server will send an
acknowledgement to the client. After reaching the
acknowledgement at the client side, the client will change
the port number to a new one. Then a directed attack is not
possible by the adversary.
One major problem in this method is that, if the
acknowledgement from the server is lost before reaching the
client side, then the client will wait for the
acknowledgement from the server indefinitely. Then the
port will remain opened for a long time. Then the attacker
can identify the port number and can launch a directed
attack. Here, re-initialization is made by using some seed.
IV. TRUE RANDOM NUMBER GENERATION PORT
HOPPING
True Random Number Generation port hopping will
make use of the exact randomness from physical phenomena.
Then it will bring in this randomness into a computer system.
Here, no mathematical formulae or any pre-calculated values
are used for calculating the random numbers. For example,
physical movements of a computer mouse can be used to
generate the random numbers. The variations in the mouse
movement can be used to get different random numbers.
Another physical phenomenon can be the amount of time
IJCSRTV1IS050035 www.ijcsrt.org
International Journal of Computer Science Research & Technology (IJCSRT)
ISSN: 2321-8827
Vol. 1 Issue 5, October - 2013
between keystrokes. The source should be carefully chosen.
Next physical phenomenon that can be used is a radioactive
source. The time taken by the radioactive source to decay
will be different in all the case. This cannot be predicted by
any persons. Another physical phenomenon that can be used
for this purpose is atmospheric noise. This is easy to pick up
with a normal radio change. The other one which is taken
into account is different patterns of background noise from
any room. The computer fan will produce some background
noise. Like this, different True Random Number Generation
Sources can be implemented to generate different random
numbers for port hopping.
V. CONCLUSION
In this paper, different port hopping methods which are
used for mitigating Distributed Denial of Service attack is
being discussed. In section II, Pseudo Random Number
Generation Port Hopping is discussed. Then in next section,
acknowledgement based port hopping is given and in the last
section, a discussion about True Random Number
Generation port hopping method is also presented.
ACKNOWLEDGMENT
First of all thanks to God Almighty. I am very much
thankful to my family members. I am thankful to our
Principal, HOD, and my guide. I am thankful to my friends
thankful to all the people who have helped me in doing such
a paper.
REFERENCES
[1] Zhang Fu, Marina Papatriantafilou, and Philippas Tsigas, “Mitigating
Disatributed Denial of Service Attacks in Multiparty Applications in
the Presence of Clock Drifts,” IEEE Transactions on Dependable and
Secure Computing, Vol. 9, No. 3, May/June 2012
[2] Gal Badishi, Amir herzberg, and Idit Keidar, “Keeping Denial-of-
Service Attackers in the Dark”, IEEE Transactions on Dependable
and Secure Computing, Vol. 4, No. 3, July-September 2007.
[3] Henry C. J. Lee, Vrizlynn L. L. Thing, “Port Hopping for Resilient
Networks”, IEEE 2004.
[4] Xiaowei Yang, David Wetherall, Thomas Anderson, “A DoS-limiting
Network Architecture”, SIGCOMM’05, August 21-26, 2005,
Philadelphia, Pennsylvania, USA.
[5] Stephen de Vries “A Corsaire White Paper:Application Denial of
Service (DoS) Attacks”1 April 2004.
[6] Arbor Application Brief: “The Growing Threat of Application-Layer
DDoS Attacks”.2011.
[7] http://www.random.org/randomness.
[8] M. Muthuprasanna, G. Manimaran, “Distributed divide-and-conquer
techniques for effective DDoS attack defences”, Iowa State
University.
[9] Mudhakar Srivatsa, Arun Iyengar, Jian Yin, and Ling Liu, “A Client-
Transparent Approach to Defend Against Denial of Service Attacks”,
25th IEEE Symposium on Reliable Distributed Systems (SRDS’06).
[10] Tom Anderson, Timothy Roscoe, David Wetherall,
“Preventing Internet Denial-of-Service with Capabilities”,
Intel research Berkeley, IRB-TR-03-047, November, 2003.
37