DoS amplification attacks – protocol-agnostic detection of service abuse in amplifier networks

Timm Böttger, Lothar Braun, Oliver Gasser, Felix Von Eye, Helmut Reiser, Georg Carle

Publication: Contribution to book/report/conference proceedings › Conference contribution › Peer-reviewed

8 citations (Scopus)

Abstract

For many years Distributed Denial-of-Service attacks have been known to be a threat to Internet services. Recently a configuration flaw in NTP daemons led to attacks with traffic rates of several hundred Gbit/s. For those attacks a third party, the amplifier, is used to significantly increase the volume of traffic reflected to the victim. Recent research revealed more UDP-based protocols that are vulnerable to amplification attacks. Detecting such attacks from an abused amplifier network’s point of view has only rarely been investigated. In this work we identify novel properties which characterize amplification attacks and allow us to identify the illegitimate use of arbitrary services. Their suitability for amplification attack detection is evaluated in large high-speed research networks. We prove that our approach is fully capable of detecting attacks that were already seen in the wild as well as capable of detecting attacks we conducted ourselves exploiting newly discovered vulnerabilities.

Original language: English
Title: Traffic Monitoring and Analysis - 7th International Workshop, TMA 2015, Proceedings
Editors: Pere Barlet-Ros, Olivier Bonaventure, Moritz Steiner
Publisher: Springer Verlag
Pages: 205-218
Number of pages: 14
ISBN (electronic): 9783319171715
Publication status: Published - 2015
Event: 7th International Workshop on Traffic Monitoring and Analysis, TMA 2015 - Barcelona, Spain
Duration: 21 Apr 2015 to 24 Apr 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9053
ISSN (Print): 0302-9743
ISSN (electronic): 1611-3349

Conference

Conference: 7th International Workshop on Traffic Monitoring and Analysis, TMA 2015
Country/Territory: Spain
City: Barcelona
Period: 21/04/15 to 24/04/15
