An analysis of using reflectors for distributed denial-of-service attacks-Reference-Cited by-同舟云学术

An analysis of using reflectors for distributed denial-of-service attacks

Published:2001-07 Issue:3 Volume:31 Page:38-47
ISSN:0146-4833
Container-title:ACM SIGCOMM Computer Communication Review
language:en
Short-container-title:SIGCOMM Comput. Commun. Rev.

Author:

Paxson Vern¹

Affiliation:

1. International Computer Science Institute, Berkeley, CA

Abstract

Attackers can render distributed denial-of-service attacks more difficult to defend against by bouncing their flooding traffic off of reflectors ; that is, by spoofing requests from the victim to a large set of Internet servers that will in turn send their combined replies to the victim. The resulting dilution of locality in the flooding stream complicates the victim's abilities both to isolate the attack traffic in order to block it, and to use traceback techniques for locating the source of streams of packets with spoofed source addresses, such as ITRACE [Be00a], probabilistic packet marking [SWKA00], [SP01], and SPIE [S+01]. We discuss a number of possible defenses against reflector attacks, finding that most prove impractical, and then assess the degree to which different forms of reflector traffic will have characteristic signatures that the victim can use to identify and filter out the attack traffic. Our analysis indicates that three types of reflectors pose particularly significant threats: DNS and Gnutella servers, and TCP-based servers (particularly Web servers) running on TCP implementations that suffer from predictable initial sequence numbers. We argue in conclusion in support of "reverse ITRACE" [Ba00] and for the utility of packet traceback techniques that work even for low volume flows, such as SPIE.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Software

Link

https://dl.acm.org/doi/pdf/10.1145/505659.505664

Reference27 articles.

1. {Ba00} C. Barros "{LONG} A Proposal for ICMP Traceback Messages " http://www.research.att.com/lists/ietf-itrace/2000/09/msg00044.html Sept. 18 2000.]] {Ba00} C. Barros "{LONG} A Proposal for ICMP Traceback Messages " http://www.research.att.com/lists/ietf-itrace/2000/09/msg00044.html Sept. 18 2000.]]

2. {Be00a} S. Bellovin "ICMP Traceback Messages " Internet Draft http://www.research.att.com/~smb/papers/draft-bellovin-itrace-00.txt March 2000.]] {Be00a} S. Bellovin "ICMP Traceback Messages " Internet Draft http://www.research.att.com/~smb/papers/draft-bellovin-itrace-00.txt March 2000.]]

3. {Be00b} S. Bellovin "Security Aspects of Napster and Gnutella " http://www.research.att.com/~smb/talks/NapsterGnutella/index.htm June 2000.]] {Be00b} S. Bellovin "Security Aspects of Napster and Gnutella " http://www.research.att.com/~smb/talks/NapsterGnutella/index.htm June 2000.]]

4. {Br94} R. Braden "T/TCP --- TCP Extensions for Transactions: Functional Specification " RFC 1644 July 1994.]] {Br94} R. Braden "T/TCP --- TCP Extensions for Transactions: Functional Specification " RFC 1644 July 1994.]]

Cited by 151 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Multilevel Deep Neural Network Approach for Enhanced Distributed Denial-of-Service Attack Detection and Classification in Software-Defined Internet of Things Networks;IEEE Internet of Things Journal;2024-07-15

2. DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

3. Reflector Saturation in Amplified Reflection Denial of Service Attack Abusing CLDAP and Memcache Protocols;Communications in Computer and Information Science;2024

4. Comparable studies of Dos defense mechanism;Second International Conference on Digital Society and Intelligent Systems (DSInS 2022);2023-04-03

5. A Novel Approach for Efficient Mitigation against the SIP-Based DRDoS Attack;Applied Sciences;2023-01-31