Title: Uncovering the vulnerable: Exploring the issue of TCP reflective amplification in the network of an ISP
Author: Oortwijn, Joost (TU Delft Technology, Policy and Management)
Contributor: Hernandez Ganan, C. (mentor); van Wegberg, R.S. (mentor); De Stefani, J. (mentor)
Degree granting institution: Delft University of Technology
Programme: Engineering and Policy Analysis
Date: 2023-04-17

Abstract:
The rapid growth of internet-connected devices has led to a significant increase in the number of cyber attacks, resulting in security challenges related to IoT. Researchers have discovered a new attack technique that can be used for launching large DDoS attacks, which involves TCP reflective amplification by abusing middleboxes and IoT devices. In order to assist Internet Service Providers (ISPs) in mitigating this vulnerability present at their customers, a deeper understanding of this novel attack technique is needed. The thesis primarily focuses on exploring vulnerable devices and their end-users within the consumer network of a Dutch ISP, KPN. The ultimate goal is to gather more information on the types of vulnerable devices and actors involved to eventually assist an ISP in making informed decisions to remediate the vulnerability in their network.

The study found that the problem can be described in two different issues: vulnerable middleboxes and vulnerable consumer IoT devices with broken TCP protocols. The problem of vulnerable middleboxes has been solved in the network of the Dutch ISP as manufacturers have released updates remediating the vulnerability. This is not the case for vulnerable consumer IoT, as updating consumer IoT devices does not necessarily address the vulnerability present in the devices that have been identified.
However, vulnerability notifications can potentially be useful for end-users to encourage them to update their vulnerable devices.

The study highlights the presence of vulnerable devices in the ISP network that cannot be remediated by updating the device due to the unavailability of a fix. This calls for the exploration of alternative notification methods like walled garden notifications for ISPs to address the issue as mail notifications seem not feasible at the moment of writing. While updating devices is a suggested solution, it may not be feasible for end-users with vulnerable consumer IoT devices, making it crucial for manufacturers to ensure their products have secure TCP protocols. While end-users are motivated and capable to keep their vulnerable devices up to date, whether or not they receive a vulnerability notification from their ISP, this action alone will not fully address the vulnerability as long as manufacturers remain unaware of the issue or fail to provide updates to remedy it.

Subject: IoT; DDoS; Computer security; End-user behaviour
To reference this document use: http://resolver.tudelft.nl/uuid:2f7d7a7e-31ef-4e01-a00a-af90bce1ffda
Part of collection: Student theses
Document type: master thesis
Rights: © 2023 Joost Oortwijn
Files: EPA_Thesis_Joost_Oortwijn ... 593472.pdf (PDF, 2.92 MB)