Title :
The store-and-flood distributed reflective denial of service attack
Author :
Bingshuang Liu ; Skyler Berg ; Jie Li ; Tao Wei ; Chao Zhang ; Xinhui Han
Author_Institution :
Inst. of Comput. Sci. & Technol., Peking Univ., Beijing, China
Abstract :
Distributed reflective denial of service (DRDoS) attacks, especially those based on UDP reflection and amplification, can generate hundreds of gigabits per second of attack traffic, and have become a significant threat to Internet security. In this paper we show that an attacker can make DRDoS attacks even more dangerous. In particular, we describe a new DRDoS attack called store-and-flood DRDoS, or SF-DRDoS. By leveraging peer-to-peer (P2P) file-sharing networks, SF-DRDoS becomes more surreptitious and powerful than traditional DRDoS. An attacker can store carefully prepared data on reflector nodes before the flooding phase to greatly increase the amplification factor of an attack. We implemented a prototype of SF-DRDoS on Kad, a popular Kademlia-based P2P file-sharing network. In real-world experiments, this attack achieved an amplification factor of 2400 on average, with the upper bound of attack bandwidth at 670 Gbps in Kad. Finally, we discuss possible defenses to mitigate the threat of SF-DRDoS.
Keywords :
Internet; computer network security; peer-to-peer computing; telecommunication traffic; transport protocols; DRDoS attack; Internet security; Kad; Kademlia-based P2P file-sharing network; SF-DRDoS; UDP reflection; amplification factor; attack traffic; flooding phase; peer-to-peer file-sharing networks; reflector nodes; store-and-flood distributed reflective denial of service attack; Bandwidth; Computer crime; Crawlers; IP networks; Indexes; Peer-to-peer computing; Uplink; Amplification factor; DDoS; DRDoS; Kademlia; Store-and-flood;
Conference_Title :
Computer Communication and Networks (ICCCN), 2014 23rd International Conference on
Conference_Location :
Shanghai
DOI :
10.1109/ICCCN.2014.6911808