Learn about a network security research presentation from Princeton University researchers at USENIX Security '24 that introduces SmartCookie, a defense system against SYN flooding attacks. Discover how this split-proxy defense leverages programmable switches to achieve 100% blocking of SYN floods in the switch data plane while maintaining high performance for legitimate traffic. Explore the technical implementation, which combines programmable switches with kernel technologies like eBPF to handle attack traffic at 136.9 Mpps without packet loss, two orders of magnitude better than traditional CPU-based defenses. Understand how the system achieves 2x-6.5x lower end-to-end latency for benign traffic compared to existing switch-based hardware defenses, making it a crucial solution for network providers processing hundreds of Gbps of traffic across thousands of servers.
Overview
Syllabus
USENIX Security '24 - SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense...
Taught by
USENIX