Investigating the Amplification Potential of Common UDP-Based Protocols in DDoS Attacks
A measurement study conducted across the networking infrastructure in Belgium and Luxembourg
V. Nitu (TU Delft - Electrical Engineering, Mathematics and Computer Science)
G. Smaragdakis – Mentor (TU Delft - Cyber Security)
H.J. Griffioen – Mentor (TU Delft - Cyber Security)
G. Iosifidis – Graduation committee member (TU Delft - Networked Systems)
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Distributed Reflection Denial-of-Service (DRDoS) attacks remain among the most damaging cyber threats, leveraging vulnerable UDP-based protocols to amplify traffic and overwhelm targets. Our measurement study investigates the amplification potential of three commonly exploited protocols (DNS, NTP, and Memcached) within the context of the network infrastructure in Belgium and Luxembourg. By analysing amplification factors through various query strategies, we aim to identify potential vulnerabilities and correlations between factors that influence the weaponisation of these protocols. We also investigate application-layer looping vulnerabilities, known as “Loopy”. Our findings indicate that despite protocol hardening, significant risks remain, particularly with improperly configured DNS servers and outdated NTP and Memcached versions.