Amplification Hell: Revisiting Network Protocols for DDoS Abuse

Rossow, Christian

doi:10.14722/ndss.2014.23233

Cited by 284 publications

(282 citation statements)

References 19 publications

Supporting

Mentioning

248

Contrasting

Unclassified

Order By: Relevance

“…It efficiently blocks non-spoofed bandwidth DoS attack packets, sent directly to the victim, as illustrated by Attacker 1 in Figure 8. In practice, non-spoofed attack packets are widely used in BW-DoS attacks, as they are easier to generate by attackers, since they can be sent by benign reflectors [29], [35], and clients running unprivileged malware and/or behind NATs or ingress-filtering routers.…”

Section: A Dynamic Whitelist Filteringmentioning

confidence: 99%

CDN-on-Demand: An Affordable DDoS Defense via Untrusted Clouds

Gilad

Herzberg

Sudkovitch³

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDNon-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-onDemand can use less expensive and less trusted clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. This mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces the origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks.A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.

show abstract

Section: A Dynamic Whitelist Filteringmentioning

confidence: 99%

CDN-on-Demand: An Affordable DDoS Defense via Untrusted Clouds

Gilad

Herzberg

Sudkovitch³

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Scan and backscatter analysis and detection were covered in Refs. [5], [21], [28]. Continuous efforts have been made to tackle Conficker throughout the years [13], [26], [27].…”

Section: Related Workmentioning

confidence: 99%

An Evaluation of Darknet Traffic Taxonomy

Fukuda

2018

Journal of Information Processing

View full text Add to dashboard Cite

Abstract:To enhance Internet security, researchers have largely emphasized diverse cyberspace monitoring approaches to observe cyber attacks and anomalies. Among them darknet provides an effective passive monitoring one. Darknets refer to the globally routable but still unused IP address spaces. They are often used to monitor unexpected incoming network traffic, and serve as an effective network traffic measurement approach for viewing certain remote network security activities. Previous works in this field discussed possible causes (i.e., anomalies) of darknet traffic and applied their classification schemes on short-term traces. Our interest lies, however, in how darknet traffic has evolved and the effectiveness of a darknet traffic taxonomy for longitudinal data. To reach these goals, we propose a simple darknet traffic taxonomy based on network traffic rules, and evaluate it with two darknet traces: one covering 12 years since 2006, while the other covering 11 years since 2007. The evaluation results reveal the effectiveness of this taxonomy: we are able to label over 94% of all source IPs with anomalies defined by the taxonomy, leaving the unlabeled source ratio low. We also examine the evolution of different anomalies since 2006 (especially in recent years), analyze the temporal and spatial dependency and parameter dependency of darknet traffic, and conclude that most sources in the datasets are characterized by just one or two anamalies with simple attack mechanisms. Moreover, we compare the taxonomy with a one-way traffic analysis tool (i.e., iatmon) to better understand their differences.

show abstract

“…RELATED WORK C Rossow et al [7] analysed UDP amplification attacks to expose the risk of existing vulnerabilities with network protocols. Bait servers were deployed and back scatter analysis was performed to provide insight into their current usage.…”

Section: Http/2 Potential Vulnerabilitiesmentioning

confidence: 99%