Amplification DDoS Attacks: Emerging Threats and Defense Strategies

Colella, Antonio; Colombini, Clara Maria

doi:10.1007/978-3-319-10975-6_24

Cited by 6 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, on February 10, 2014, about 1300 NTP servers on different networks were involved in an unprecedented cyber attack, where each server generated at peak hours approximately 90 Mb/s of traffic towards particular targets located on the Internet". [6] Figure 1: Distributed Denial of Service attack using NTP servers as reflectors [3] From Figure 1 above, it can be observed that the attacker successfully executed the DDoS amplified attack by sending a UDP/123 MONLIST request with a specific spoofed source address of the intended victim of the attack to a vulnerable NTP server. In return, the server then forwarded the reply to the spoofed IP address (the victim) and it was then flooded with large packets.…”

Section: Related Workmentioning

confidence: 99%

“…"The goal of this type of honeypot is to lure an attacker to install either handler or agent code within the honeypot, thereby allowing the honeypot's owner to track the handler or agent behavior and better understand how to defend against future DDoS installation attacks. Honeypots are also helpful because they can store event logfiles during a DDoS attack" [6].…”

Section: Mitigating Ddos Ntp Amplified Attackmentioning

confidence: 99%

See 1 more Smart Citation

Analyzing Network Time Protocol (NTP) Based Amplification DDoS Attack and its Mitigation Techniques

Jimoh,

Ahmed

2024

AIMS Research Journal

View full text Add to dashboard Cite

Network Time Protocol amplification attack is a form of distributed denial-of-service (DDoS) attack in which an attacker exploits or sends a request to a vulnerable NTP server by using their IP address to flood a targeted network or server with an overwhelming volume of User Datagram Protocol (UDP) traffic. In the past, the techniques that involved reflecting traffic off NTP servers to the victim, with the attacker hiding their identity by spoofing the source IP address were carried out using mainly Domain Name Server (DNS) servers but the use of vulnerable NTP servers as reflectors in DDoS attacks has gain lot of popularity since 2014, and this is as a result of the realization of high amplification scale that NTP servers can provide. This type of reflector attack maximized the use of the amplification factor of NTP servers to magnify the attack bandwidth, making it particularly disruptive and difficult to mitigate. Since NTP amplification is not a popularly known attack and there has not been much thorough research on it, this paper explores a holistic overview of NTP amplification attacks, how NTP is used for DDoS attacks, and the overall method that can be used to mitigate such attacks. Keywords: Distributed Denial-of-Service (DDoS) attack, DNS servers, NTP servers

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Mitigating Ddos Ntp Amplified Attackmentioning

confidence: 99%

Analyzing Network Time Protocol (NTP) Based Amplification DDoS Attack and its Mitigation Techniques

Jimoh,

Ahmed

2024

AIMS Research Journal

View full text Add to dashboard Cite

show abstract

“…DDoS attacks can also be classified as Reflection and Amplification attacks. In a reflection attack, the size of the request and response is the same [41], whereas, in an amplification attack, the size of the response is many times bigger than that of the request [42]. In Table 6, the chronological evolution of DDoS attack vectors is depicted.…”

Section: A Distributed Denial Of Services (Ddos) Attacksmentioning

confidence: 99%

Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review

2021

View full text Add to dashboard Cite

Internet of Things (IoT) technology is prospering and entering every part of our lives, be it education, home, vehicles, or healthcare. With the increase in the number of connected devices, several challenges are also coming up with IoT technology: heterogeneity, scalability, quality of service, security requirements, and many more. Security management takes a back seat in IoT because of cost, size, and power. It poses a significant risk as lack of security makes users skeptical towards using IoT devices. This, in turn, makes IoT vulnerable to security attacks, ultimately causing enormous financial and reputational losses. It makes up for an urgent need to assess present security risks and discuss the upcoming challenges to be ready to face the same. The undertaken study is a multi-fold survey of different security issues present in IoT layers: perception layer, network layer, support layer, application layer, with further focus on Distributed Denial of Service (DDoS) attacks. DDoS attacks are significant threats for the cyber world because of their potential to bring down the victims. Different types of DDoS attacks, DDoS attacks in IoT devices, impacts of DDoS attacks, and solutions for mitigation are discussed in detail. The presented review work compares Intrusion Detection and Prevention models for mitigating DDoS attacks and focuses on Intrusion Detection models. Furthermore, the classification of Intrusion Detection Systems, different anomaly detection techniques, different Intrusion Detection System models based on datasets, various machine learning and deep learning techniques for data pre-processing and malware detection has been discussed. In the end, a broader perspective has been envisioned while discussing research challenges, its proposed solutions, and future visions.

show abstract

“…The Internet of Things (IoT) has made millions of computer devices connected via the internet network, thereby increasing security threats, including DDoS attacks [1] [2], and is the most noticed and most important attack on the Internet network today [3]. One such attack is the Simple Network Management Protocol (SNMP), a UDP protocol commonly used for network management so that a request sent to an SNMP server returns a larger response than an incoming request [4]. However, DDOS is one of the most prominent attacking behaviors over the network, which interrupts and blocks legitimate users from using network resources [5][6].…”

Section: Introductionmentioning

confidence: 99%

Developing Application in Anticipating DDoS Attacks on Server Computer Machines

Anggrawan

Azhar²,

Triwijoyo³

et al. 2021

matrik

View full text Add to dashboard Cite

The use of server computer machines in companies is primarily a web hosting server that is very easy to experience threats, especially external security threats such as attempts to infiltrate, hacking, viruses, and other malicious attacks. Having a secure server is indispensable for working online and especially if involved in business-related network transactions. The Server's realization to be safe from threats is to protect the server machine's security on the hardware and software side and pay attention to network security that goes to the server machine. Generally, firewall applications on router devices have configuration limitations in securing the network, namely non-integrated applications. In other words, it is necessary to manage the perfect firewall configuration to anticipate Distributed Daniel attacks of Service (DDoS) attacks. Therefore, this study aims to integrate existing firewall applications for router devices into an integrated program to secure the network. The methodology used is the Network Development Life Cycle (NDLC). The research results on this developed application program can overcome DDoS attacks without setting up a firewall on the router device and can automatically monitor DDoS attack activities from outside the Server. Securing servers from DDoS attacks without setting up a firewall on the router device and automating the monitoring of DDoS attack activity from outside the Server are the novelties of this study that have not been available in previous studies.

show abstract

Amplification DDoS Attacks: Emerging Threats and Defense Strategies

Cited by 6 publications

References 11 publications

Analyzing Network Time Protocol (NTP) Based Amplification DDoS Attack and its Mitigation Techniques

Analyzing Network Time Protocol (NTP) Based Amplification DDoS Attack and its Mitigation Techniques

Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review

Developing Application in Anticipating DDoS Attacks on Server Computer Machines

Contact Info

Product

Resources

About