%0 Conference Proceedings
%T DoS Amplification Attacks – Protocol-Agnostic Detection of Service Abuse in Amplifier Networks
%+ Technische Universität Munchen - Technical University Munich - Université Technique de Munich (TUM)
%+ Leibniz Supercomputing Centre (LRZ)
%A Böttger, Timm
%A Braun, Lothar
%A Gasser, Oliver
%A Eye, Felix, Von
%A Reiser, Helmut
%A Carle, Georg
%Z Part 5: New Protocols
%< peer-reviewed
%( Lecture Notes in Computer Science
%B 7th Workshop on Traffic Monitoring and Analysis (TMA)
%C Barcelona, Spain
%Y Moritz Steiner
%Y Pere Barlet-Ros
%Y Olivier Bonaventure
%3 Traffic Monitoring and Analysis
%V LNCS-9053
%P 205-218
%8 2015-04-21
%D 2015
%R 10.1007/978-3-319-17172-2_14
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI] Conference papers
%X For many years Distributed Denial-of-Service attacks have been known to be a threat to Internet services. Recently a configuration flaw in NTP daemons led to attacks with traffic rates of several hundred Gbit/s. For those attacks a third party, the amplifier, is used to significantly increase the volume of traffic reflected to the victim. Recent research revealed more UDP-based protocols that are vulnerable to amplification attacks. Detecting such attacks from an abused amplifier network’s point of view has only rarely been investigated. In this work we identify novel properties which characterize amplification attacks and allow to identify the illegitimate use of arbitrary services. Their suitability for amplification attack detection is evaluated in large high-speed research networks. We prove that our approach is fully capable of detecting attacks that were already seen in the wild as well as capable of detecting attacks we conducted ourselves exploiting newly discovered vulnerabilities.
%G English
%Z TC 6
%Z WG 6.6
%2 https://hal.science/hal-01411196/document
%2 https://hal.science/hal-01411196/file/336978_1_En_14_Chapter.pdf
%L hal-01411196
%U https://hal.science/hal-01411196
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC6
%~ IFIP-TMA
%~ IFIP-WG6-6
%~ IFIP-LNCS-9053