The store-and-flood distributed reflective denial of service attack

Liu, Bingshuang; Berg, Skyler; Li, Jun; Wei, Tao; Zhang, Chao; Han, Xiao

doi:10.1109/icccn.2014.6911808

Cited by 6 publications

(4 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Increasingly rampant DDoS attacks, particularly attacks by DRDoS with UDPs, have become a global problem [29], [30]. DRDoS attacks, which focus on UDP reflection and amplification, can produce hundreds of gigabits per second of attack traffic, and has become a major threat to internet safety [31]. These attacks violate UDP-based network protocols that send a higher response compared with the request size.…”

Section: Classification Of Drdos Attacksmentioning

confidence: 99%

“…Thus, in our research area, we aim to shed light on the techniques used to detect and mitigate the BGP protocol by DRDoS attack. TCPbased DRDoS attacks were studied, but they only occur during the link establishment step due to the threeway handshake procedure and have no major amplification impact [31]. The protocols based on TCP, such as FTP and Telnet, have the highest number of amplifiers, as shown by data from scanning a random IP address for the popular protocols [34].…”

Section: Drdos Attacks Based On Tcp Protocolmentioning

confidence: 99%

“…The UDP protocol allows the amplification/reflection of the response that will lead to producing hundreds or thousands of gigabits per second of attack traffic. Thus, the DRDoS attacks become an influential threat to internet security [31]. The huge UDP traffic is amplified by the attacker, and the attacker is directed to the target by flooding the bandwidth of the victim by using P2P networks to store agent attack data before the attack process [39].…”

Section: Drdos Based On Udp Protocolmentioning

confidence: 99%

See 2 more Smart Citations

Distributed reflection denial of service attack: A critical review

Nuiaa

Manickam

Alsaeedi

2021

IJECE

View full text Add to dashboard Cite

As the world becomes increasingly connected and the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. A denial-of-service (DoS) attack is accountable for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted in transmission control protocol (TCP) and user datagram protocol (UDP). However, this attack is not effective in the TCP protocol due to the three-way handshake approach that prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks.

show abstract

Section: Classification Of Drdos Attacksmentioning

confidence: 99%

Section: Drdos Attacks Based On Tcp Protocolmentioning

confidence: 99%

Section: Drdos Based On Udp Protocolmentioning

confidence: 99%

See 1 more Smart Citation

Distributed reflection denial of service attack: A critical review

Nuiaa

Manickam

Alsaeedi

2021

IJECE

View full text Add to dashboard Cite

show abstract

“…A successful DoS attack against a VoIP network requires the IP addresses of the SIP server and the SIP clients, and the IDs of the SIP users [38]. We obtain these parameters using our attack tool Mr.SIP's Network Scanner and SIP Enumerator modules.…”

Section: B Sr-drdos Attack Flowmentioning

confidence: 99%

A Novel SIP Based Distributed Reflection Denial-of-Service Attack and an Effective Defense Mechanism

2020

View full text Add to dashboard Cite

We introduce a novel SIP based attack, named as the SR-DRDoS attack, that exploits some less known SIP features by using the IP-spoofing technique, the reflection based attack logic and the DDoS attack logic. Furthermore, we develop a SIP-based DoS/DDoS attack simulator, named Mr. SIP, and use it to implement our SR-DRDoS attack. Our attack is shown to dramatically increase the CPU load of a SIP server from 0% up to 100% in only 4 minutes after the attack is initiated. Since our intelligent attack creates legitimate traffic on the SIP network by using reflection methods, it bypasses blacklists as well as IP, packet-count or session/transaction based rate limiting and automatic message generation detection systems which exist in state-of-the-art security perimeters such as firewalls, intrusion detection/prevention systems and anomaly detection systems. Moreover, we propose a novel defense mechanism that effectively mitigates our proposed DRDoS attack. Our defense mechanism is shown to successfully reduce the CPU load of a SIP server under attack from 71% down to 18% within 3 minutes after it is initiated.

show abstract