Related papers: BGPeek-a-Boo: Active BGP-based Traceback for Ampli…
The severity of amplification attacks has grown in recent years. Since 2013 there have been at least two attacks which involved over 300Gbps of attack traffic. This paper offers an analysis of these and many other amplification attacks. We…
In this paper, we shed new light on the DNS amplification ecosystem, by studying complementary data sources, bolstered by orthogonal methodologies. First, we introduce a passive attack detection method for the Internet core, i.e., at…
In this paper, we revisit the use of honeypots for detecting reflective amplification attacks. These measurement tools require careful design of both data collection and data analysis including cautious threshold inference. We survey common…
The Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed Denial of Service (DDoS) attacks and worms. . To block…
IP spoofing enables reflection and amplification attacks, which cause major threats to the current Internet infrastructure. Detecting IP packets with incorrect source addresses would help to improve the situation. This is easy at the…
The identification of the exact path that packets are routed in the network is quite a challenge. This paper presents a novel, efficient traceback strategy in combination with a defence system against distributed denial of service (DDoS)…
The Border Gateway Protocol (BGP) remains a fragile pillar of Internet routing. BGP hijacks still occurr daily. While full deployment of Route Origin Validation (ROV) is ongoing, attackers have already adapted, launching post-ROV attacks…
DNS is important in nearly all interactions on the Internet. All large DNS operators use IP anycast, announcing servers in BGP from multiple physical locations to reduce client latency and provide capacity. However, DNS is easy to spoof:…
Multiple probabilistic packet marking (PPM) schemes for IP traceback have been proposed to deal with Distributed Denial of Service (DDoS) attacks by reconstructing their attack graphs and identifying the attack sources. In this paper, ten…
This work proposes a novel approach to infer and characterize Internet-scale DNS amplification DDoS attacks by leveraging the darknet space. Complementary to the pioneer work on inferring Distributed Denial of Service (DDoS) activities…
Pushback is a mechanism for defending against Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, but because most such congestion is caused by malicious hosts not obeying traditional…
The security of the Internet's routing infrastructure has underpinned much of the past two decades of distributed systems security research. However, the converse is increasingly true. Routing and path decisions are now important for the…
DDoS attacks remain a major security threat to the continuous operation of Internet edge infrastructures, web services, and cloud platforms. While a large body of research focuses on DDoS detection and protection, to date we ultimately…
The identification of the exact path that packets are routed on in the network is quite a challenge. This paper presents a novel, efficient traceback strategy named Tracemax in context of a defense system against distributed denial of…
As the deployment of comprehensive Border Gateway Protocol (BGP) security measures is still in progress, BGP monitoring continues to play a critical role in protecting the Internet from routing attacks. Fundamentally, monitoring involves…
Distributed Denial-of-Service (DDoS) attacks represent a cost-effective and potent threat to network stability. While extensively studied in IPv4 networks, DDoS implications in IPv6 remain underexplored. The vast IPv6 address space renders…
BGP (Border Gateway Protocol) serves as the primary routing protocol for the Internet, enabling Autonomous Systems (individual network operators) to exchange network reachability information. Alongside significant on-going research and…
This paper studies a new active eavesdropping technique via the so-called spoofing relay attack, which could be launched by the eavesdropper to significantly enhance the information leakage rate from the source over conventional passive…
The Border Gateway Protocol (BGP) is globally used by Autonomous Systems (ASes) to establish route paths for IP prefixes in the Internet. Due to the lack of authentication in BGP, an AS can hijack IP prefixes owned by other ASes (i.e.,…
The lack of security of the Internet routing protocol (BGP) has allowed attackers to divert Internet traffic and consequently perpetrate service disruptions, monetary frauds, and even citizen surveillance for decades. State-of-the-art…