1. Technical Field of the Invention
The present invention is related to packet data communications, and more particularly, to communications between a remote network host and a mobile station operating within a mobile network interconnected with the remote network.
2. Description of Related Art
Developments and improvements in mobile telecommunication networks have enabled mobile subscribers to communicate data, other than mere voice data, over a serving mobile telecommunications network. With a wide proliferation of Internet and e-mail applications, mobile subscribers are able to access their e-mail messages or even browse or surf the Internet via their associated mobile stations. Accordingly, a mobile station may function as or in association with data terminal equipment (DTE) in providing Internet access or packet communications to an associated mobile subscriber. Voice communications over the mobile network normally use the circuit switch mode of operation. Packet data communications over the mobile network use packet-switched communications, (e.g., TCP/IP), on a packet channel.
A mobile station configured for packet data communications includes a Internet protocol (IP) address which is known by the mobile network. The data terminal equipment attached to the mobile station is configured with this address. An incoming TCP/IP packet addressed to the DTE associated with the mobile station from an exterior network, such as the Internet, forces the mobile network associated with the mobile station to perform a paging of the mobile station. The paging demands that the mobile station switch to a packet mode of operation and establish a packet channel with the mobile network. Once a packet channel is established on the mobile network, the DTE at the mobile station and the Internet host originating the TCP/IP packet can transparently transfer data between each other.
The interconnection between the Internet host and a mobile station utilizes a TCP/IP protocol using a "three-way handshake" routine as illustrated in FIG. 1. In this case, the client comprises the contacting Internet host and the server comprises a mobile station. The three-way handshake routine uses the SYN and ACK flags within the TCP header. An incoming TCP packet from the client (Internet host) includes a set SYN flag bit. The outgoing TCP packet response has both the SYN and ACK flag set. The client responds to this by transmitting a packet response having a set ACK flag. Once this routine has been performed a TCP/IP connection is established between the client and server.
One well known denial of service attack utilized on the Internet today is the TCP SYN flooding attack. In this attack, a client transmits TCP packets having the SYN flag set to a server but does not answer the responding TCP packets having the SYN and ACK flags set. This causes the server to wait for TCP packets including a set ACK flag until the server times out. This has the effect of hanging up system resources until the server timeout period expires.
In the context of a mobile network, when an attacker transmits a TCP SYN packet to a specific address within the mobile network, the mobile network will perform a paging of the associated mobile station provided that the mobile station resides in an idle mode. If the mobile station is capable, a packet data channel is established for the mobile station. If the attack is directed to an entire address base, the network would page all idle mobile stations for that address base. This would eventually download the entire mobile network. This comprises a huge threat for the network and the radio resources associated with the network if a TCP SYN flooding attack is being utilized.