Estimating the Amplification Factors in the Network Infrastructure of France
Defining factors that affect amplification DoS attacks
Panayiotis Hadjiioannou (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Georgios Smaragdakis – Mentor (TU Delft - Cyber Security)
Harm Griffioen – Mentor (TU Delft - Cyber Security)
Georgios Iosifidis – Graduation committee member (TU Delft - Networked Systems)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Amplification Denial of Service (DoS) attacks have been a persistent challenge in network security, with the consequences ranging from causing minor disruptions to substantial financial losses and irreparable damage to reputation.
In today's network environment, many infrastructures are not primary targets of amplification attacks but unwittingly aid them by sending large responses generated by spoofed packets to the potential victims. The ever-growing number of servers makes manual detection of vulnerable components impractical, emphasizing the urgent need for automated tools, which are currently lacking.
This paper investigates factors that affect amplification DoS attacks on three UDP-based protocols, DNS, NTP, and Memcached. Our analysis indicates that for DNS, factors such as the buffer size, replying to ANY queries, Resource Records (RR), and Name Servers (NS) per domain significantly impact the amplification potential. For Memcached, the key and value lengths substantially affect the amplification factor. Regarding NTP, the magnitude of amplification is influenced by the number of recently contacted clients, with the version being a critical determinant for the likelihood of attack success for both NTP and Memcached.
By incorporating these parameters, we propose the development of an automated tool capable of identifying such vulnerable components within network infrastructures.