Exploring DDoS amplification attack vectors prevalent in the Dutch IP range
K. Dimitrov (TU Delft - Electrical Engineering, Mathematics and Computer Science)
G. Smaragdakis – Mentor (TU Delft - Cyber Security)
H.J. Griffioen – Mentor (TU Delft - Cyber Security)
G. Iosifidis – Graduation committee member (TU Delft - Networked Systems)
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
This paper explores Distributed Reflective Denial-of-Service (DRDoS) attacks, a variant of Distributed Denial-of-Service (DDoS) attacks that leverage publicly accessible UDP servers to amplify traffic towards a target. These attacks, accounting for over half of all DDoS cases in 2023, are significant threats to online services due to their potential to generate traffic volumes in the Tbps range. Despite existing research on DDoS attack vectors and techniques, there remains a gap in tools for identifying potential amplification sources within specific networks. This paper aims to fill that gap by identifying and measuring amplification hazards in the Dutch IP range, focusing on DNS, NTP, and Memcached protocols. Our findings reveal significant amplification potentials, particularly within NTP and Memcached servers, and highlight the influence of factors such as EDNS0 buffer size on DNS amplification.