
Software Development

$20/hr Starting at $1K

Extensive software development experience in the TCP/IP protocol suite, firewall and security, on Unix/embedded platforms.

Skills Summary: TCP/IP protocol suite, Firewall/NAT, DoS/DDoS protection, DPDK packet processing framework, TCP/IP security, C, C++, Linux, VxWorks, pSOS.

Last Project

Psychz Firewall (Winlintech Solutions): The client was facing regular TCP/UDP DDoS attacks on its servers and was looking for a custom-made firewall that runs at line rate. Based on the field requirements, Psychz Firewall was developed on Linux using the DPDK packet processing framework. Packets are received and transmitted directly by the userspace firewall through the DPDK poll mode network driver, bypassing the Linux kernel. Protections for various TCP/UDP DDoS flood attacks were successfully developed and deployed while keeping processing overhead minimal.

  • DDoS mitigation is implemented at two levels: the rule/ACL level, which matches general TCP/IP header fields, and the hashlimit bucket level, which groups the hosts matching a hashlimit ACL by a hash of one or more fields: source IP/mask, destination IP/mask, source port and destination port. Packets matching a hashlimit ACL are further classified into a hashlimit bucket, and ACL actions such as rate limiting are applied per bucket.

  • TCP state table implementation providing implicit ACK flood mitigation. Only SYNs pass a TCP keepstate ACL; the first SYN adds an entry to the TCP state table and all subsequent traffic of that connection is checked against the state table, so ACK-flood packets, which match no state entry, fail implicitly.

  • TCP SYN flood detection by monitoring the SYN rate at ACL or hashlimit bucket level. Mitigation is based on a syncache mechanism: once a SYN flood is detected, the first SYN of a connection is always dropped but recorded in the syncache hash table, and only a subsequent identical SYN (the client's retransmission) creates a TCP state entry and lets the connection through.

  • UDP flood detection by monitoring the new-flow rate and/or byte rate on a UDP ACL or hashlimit bucket. Mitigation is provided by rate limiting or blocking new and recent flows during an attack.

  • DNS amplification attack mitigation: the firewall can monitor UDP DNS response traffic to a protected network or host. If a DNS response is larger than 512 bytes, it is truncated to 512 bytes or less at a record boundary and the truncation (TC) flag is set in the DNS header. If this is a genuine response to a request from a protected host, the host will repeat the same query over TCP; otherwise the packet is simply discarded.

  • IP whitelisting: a UDP rule can be added that allows only whitelisted IPs. IPs can be whitelisted manually or automatically; an automatic whitelist entry is added on a successful TCP connection from the source through a keepstate TCP ACL carrying the whitelist flag. The whitelist flag can also be set on any ACL, in which case only manually whitelisted IPs are processed by that ACL.

  • Rule-based filtering and pattern-based filtering.
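The SYN-rate detection and syncache admission described in the SYN flood bullet above, as an added example in C (not the Psychz Firewall's own code): a per-bucket SYN counter flags a flood, after which a first-seen SYN is dropped but recorded and only its identical retransmission is admitted. The slot count, TTL, rate limit and the use of the 4-tuple plus ISN as the identity of an "exact SYN" are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
/* Added illustration of the SYN-rate detection and syncache admission described above;
 * not the Psychz Firewall's own code. Sizes, thresholds and "4-tuple + ISN" are assumptions. */
#define SYNCACHE_SLOTS 1024
#define SYNCACHE_TTL   5     /* seconds a dropped-but-recorded SYN stays valid */
#define SYN_RATE_LIMIT 100   /* SYNs per second on one bucket before "attack" */
struct syn_key { uint32_t saddr, daddr, seq; uint16_t sport, dport; };
struct syncache_entry { struct syn_key key; uint32_t ts; bool used; };
struct syn_bucket { uint32_t window_start, syn_count; };  /* one hashlimit bucket */
static struct syncache_entry syncache[SYNCACHE_SLOTS];
static uint32_t syn_hash(const struct syn_key *k) {
    uint32_t f[5] = { k->saddr, k->daddr, k->seq, k->sport, k->dport }, h = 2166136261u;
    for (int i = 0; i < 5; i++) { h ^= f[i]; h *= 16777619u; }     /* FNV-1a */
    return h % SYNCACHE_SLOTS;
}
static bool key_eq(const struct syn_key *a, const struct syn_key *b) {
    return a->saddr == b->saddr && a->daddr == b->daddr && a->seq == b->seq &&
           a->sport == b->sport && a->dport == b->dport;
}
/* Detection: count SYNs per bucket in one-second windows; true = SYN flood. */
bool bucket_syn_seen(struct syn_bucket *b, uint32_t now) {
    if (now != b->window_start) { b->window_start = now; b->syn_count = 0; }
    return ++b->syn_count > SYN_RATE_LIMIT;
}
enum syn_verdict { SYN_PASS, SYN_DROP_RECORDED, SYN_ADMIT_RETRANSMIT };
/* Admission: with no flood every SYN passes and creates TCP state. During a flood the first
 * sighting is dropped but remembered; only an identical SYN (the client's retransmission)
 * within the TTL is admitted. Spoofed flood sources never retransmit, so never get state. */
enum syn_verdict syncache_check(struct syn_bucket *b, const struct syn_key *k, uint32_t now) {
    if (!bucket_syn_seen(b, now)) return SYN_PASS;
    struct syncache_entry *e = &syncache[syn_hash(k)];
    if (e->used && now - e->ts <= SYNCACHE_TTL && key_eq(&e->key, k)) {
        e->used = false; return SYN_ADMIT_RETRANSMIT;   /* consumed: caller creates state */
    }
    e->key = *k; e->ts = now; e->used = true;  /* record, evicting any stale occupant */
    return SYN_DROP_RECORDED;
}
/* Constructed scenario: 100 distinct SYNs pass, the 101st trips the limit and is dropped,
 * its retransmission is admitted, a fresh spoofed SYN is dropped. Returns 0 on success. */
int demo_syn_flood(void) {
    struct syn_bucket b = { 0, 0 };
    struct syn_key k = { 0x0a000001u, 0x0a000002u, 12345u, 40000, 80 }, s = k;
    for (uint32_t i = 0; i < SYN_RATE_LIMIT; i++) {
        s.saddr = 0xc0a80000u + i; if (syncache_check(&b, &s, 10) != SYN_PASS) return 1;
    }
    if (syncache_check(&b, &k, 10) != SYN_DROP_RECORDED) return 2;
    if (syncache_check(&b, &k, 10) != SYN_ADMIT_RETRANSMIT) return 3;
    s.saddr = 0xdeadbeefu; return syncache_check(&b, &s, 10) == SYN_DROP_RECORDED ? 0 : 4;
}
```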
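The DNS response truncation from the amplification bullet above, as an added example in C (not the Psychz Firewall's own code): it walks the question and resource-record sections, cuts at the last record boundary that still fits in 512 bytes, rewrites the section counts and sets the TC bit. The response it truncates is a constructed sample, not captured traffic.

```c
#include <stdint.h>
#include <string.h>
/* Added illustration of the DNS-response truncation described above; not the
 * Psychz Firewall's own code. m/len is the UDP payload of a DNS response. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {                     /* labels, ending in 0 or a pointer */
        if (m[off] == 0) return off + 1;
        if (m[off] & 0xC0) return (m[off] & 0xC0) == 0xC0 && off + 2 <= len ? off + 2 : 0;
        off += 1 + m[off];
    }
    return 0;                               /* ran off the end: malformed */
}
/* Skip one question (name + 4) or one RR (name + 10 fixed bytes + rdata). */
static size_t skip_record(const uint8_t *m, size_t len, size_t off, int is_rr) {
    if (!(off = skip_name(m, len, off))) return 0;
    if (!is_rr) return off + 4 <= len ? off + 4 : 0;
    if (off + 10 > len) return 0;
    off += 10 + (((size_t)m[off + 8] << 8) | m[off + 9]);
    return off <= len ? off : 0;
}
/* Cut at the last record boundary within 512 bytes, fix the counts, set TC; 0 = malformed. */
size_t dns_truncate(uint8_t *m, size_t len) {
    if (len <= 512) return len;
    if (len < 12 || !(m[2] & 0x80)) return 0;        /* need a header with QR=1 */
    size_t off = 12, keep = 12; int cut = 0;
    for (int sec = 0; sec < 4; sec++) {              /* qd, an, ns, ar */
        uint16_t count = (m[4 + 2*sec] << 8) | m[5 + 2*sec], kept = 0;
        for (uint16_t n = 0; n < count && !cut; n++) {
            size_t next = skip_record(m, len, off, sec > 0); if (!next) return 0;
            if (next > 512) cut = 1;                 /* this record would overflow */
            else { off = keep = next; kept++; }
        }
        m[4 + 2*sec] = kept >> 8; m[5 + 2*sec] = kept & 0xFF;
    }
    m[2] |= 0x02; return keep;                       /* TC: a genuine client retries over TCP */
}
/* Constructed sample: 40 A records for example.com (669 bytes); 30 fit, so 509 bytes remain. */
uint8_t demo_buf[1024];
size_t demo_truncate(void) {
    static const uint8_t hdr_q[] = { 0x12,0x34, 0x81,0x80, 0,1, 0,40, 0,0, 0,0,
        7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };
    memcpy(demo_buf, hdr_q, sizeof hdr_q);
    size_t off = sizeof hdr_q;                       /* 29 bytes */
    for (int i = 0; i < 40; i++, off += 16) {        /* name = pointer to offset 12 */
        uint8_t rr[16] = { 0xC0,12, 0,1, 0,1, 0,0,0,60, 0,4, 10,0,0,(uint8_t)i };
        memcpy(demo_buf + off, rr, 16);
    }
    return dns_truncate(demo_buf, off);
}
```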


Skills & Expertise

C++, Embedded Development, Embedded Systems, Linux, Object Oriented Programming, Open Source, Programming, Unix

0 Reviews

This Freelancer has not received any feedback.