English
Related papers

Related papers: BGPeek-a-Boo: Active BGP-based Traceback for Ampli…

200 papers

The severity of amplification attacks has grown in recent years. Since 2013 there have been at least two attacks which involved over 300Gbps of attack traffic. This paper offers an analysis of these and many other amplification attacks. We…

Networking and Internet Architecture · Computer Science 2016-08-08 Fabrice J. Ryba , Matthew Orlinski , Matthias Wählisch , Christian Rossow , Thomas C. Schmidt

In this paper, we shed new light on the DNS amplification ecosystem, by studying complementary data sources, bolstered by orthogonal methodologies. First, we introduce a passive attack detection method for the Internet core, i.e., at…

Cryptography and Security · Computer Science 2021-10-07 Marcin Nawrocki , Mattijs Jonker , Thomas C. Schmidt , Matthias Wählisch

In this paper, we revisit the use of honeypots for detecting reflective amplification attacks. These measurement tools require careful design of both data collection and data analysis including cautious threshold inference. We survey common…

Cryptography and Security · Computer Science 2024-05-07 Marcin Nawrocki , John Kristoff , Raphael Hiesgen , Chris Kanich , Thomas C. Schmidt , Matthias Wählisch

The Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed Denial of Service (DDoS) attacks and worms. . To block…

Networking and Internet Architecture · Computer Science 2012-02-22 K. Munivara Prasad , A. Rama Mohan Reddy , V Jyothsna

IP spoofing enables reflection and amplification attacks, which cause major threats to the current Internet infrastructure. Detecting IP packets with incorrect source addresses would help to improve the situation. This is easy at the…

Networking and Internet Architecture · Computer Science 2021-10-05 Jasper Eumann , Raphael Hiesgen , Thomas C. Schmidt , Matthias Wählisch

The identification of the exact path that packets are routed in the network is quite a challenge. This paper presents a novel, efficient traceback strategy in combination with a defence system against distributed denial of service (DDoS)…

Networking and Internet Architecture · Computer Science 2024-07-17 Peter Hillmann , Frank Tietze , Gabi Dreo Rodosek

The Border Gateway Protocol (BGP) remains a fragile pillar of Internet routing. BGP hijacks still occurr daily. While full deployment of Route Origin Validation (ROV) is ongoing, attackers have already adapted, launching post-ROV attacks…

Cryptography and Security · Computer Science 2025-07-29 Alessandro Giaconia , Muoi Tran , Laurent Vanbever , Stefano Vissicchio

DNS is important in nearly all interactions on the Internet. All large DNS operators use IP anycast, announcing servers in BGP from multiple physical locations to reduce client latency and provide capacity. However, DNS is easy to spoof:…

Cryptography and Security · Computer Science 2020-11-30 Lan Wei , John Heidemann

Multiple probabilistic packet marking (PPM) schemes for IP traceback have been proposed to deal with Distributed Denial of Service (DDoS) attacks by reconstructing their attack graphs and identifying the attack sources. In this paper, ten…

Networking and Internet Architecture · Computer Science 2016-02-05 Matthias R. Brust , Ankunda R. Kiremire

This work proposes a novel approach to infer and characterize Internet-scale DNS amplification DDoS attacks by leveraging the darknet space. Complementary to the pioneer work on inferring Distributed Denial of Service (DDoS) activities…

Cryptography and Security · Computer Science 2014-05-23 Claude Fachkha , Elias Bou-Harb , Mourad Debbabi

Pushback is a mechanism for defending against Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, but because most such congestion is caused by malicious hosts not obeying traditional…

Cryptography and Security · Computer Science 2012-01-11 Saravanan Kumarasamy , R. Asokan

The security of the Internet's routing infrastructure has underpinned much of the past two decades of distributed systems security research. However, the converse is increasingly true. Routing and path decisions are now important for the…

Cryptography and Security · Computer Science 2020-01-27 Jared M. Smith , Kyle Birkeland , Tyler McDaniel , Max Schuchard

DDoS attacks remain a major security threat to the continuous operation of Internet edge infrastructures, web services, and cloud platforms. While a large body of research focuses on DDoS detection and protection, to date we ultimately…

Cryptography and Security · Computer Science 2021-03-09 Daniel Kopp , Christoph Dietzel , Oliver Hohlfeld

The identification of the exact path that packets are routed on in the network is quite a challenge. This paper presents a novel, efficient traceback strategy named Tracemax in context of a defense system against distributed denial of…

Networking and Internet Architecture · Computer Science 2020-04-21 Peter Hillmann , Frank Tietze , Gabi Dreo Rodosek

As the deployment of comprehensive Border Gateway Protocol (BGP) security measures is still in progress, BGP monitoring continues to play a critical role in protecting the Internet from routing attacks. Fundamentally, monitoring involves…

Cryptography and Security · Computer Science 2024-08-20 Henry Birge-Lee , Maria Apostolaki , Jennifer Rexford

Distributed Denial-of-Service (DDoS) attacks represent a cost-effective and potent threat to network stability. While extensively studied in IPv4 networks, DDoS implications in IPv6 remain underexplored. The vast IPv6 address space renders…

Networking and Internet Architecture · Computer Science 2025-06-06 Ling Hu , Tao Yang , Yu Pang , Bingnan Hou , Zhiping Cai , Bo Yu

BGP (Border Gateway Protocol) serves as the primary routing protocol for the Internet, enabling Autonomous Systems (individual network operators) to exchange network reachability information. Alongside significant on-going research and…

Networking and Internet Architecture · Computer Science 2017-05-25 Joel Obstfeld , Xiaoyu Chen , Olivier Frebourg , Pavan Sudheendra

This paper studies a new active eavesdropping technique via the so-called spoofing relay attack, which could be launched by the eavesdropper to significantly enhance the information leakage rate from the source over conventional passive…

Information Theory · Computer Science 2015-09-30 Yong Zeng , Rui Zhang

The Border Gateway Protocol (BGP) is globally used by Autonomous Systems (ASes) to establish route paths for IP prefixes in the Internet. Due to the lack of authentication in BGP, an AS can hijack IP prefixes owned by other ASes (i.e.,…

Networking and Internet Architecture · Computer Science 2016-11-09 Pavlos Sermpezis , Gavriil Chaviaras , Petros Gigis , Xenofontas Dimitropoulos

The lack of security of the Internet routing protocol (BGP) has allowed attackers to divert Internet traffic and consequently perpetrate service disruptions, monetary frauds, and even citizen surveillance for decades. State-of-the-art…

Networking and Internet Architecture · Computer Science 2023-01-31 Tobias Bühler , Alexandros Milolidakis , Romain Jacob , Marco Chiesa , Stefano Vissicchio , Laurent Vanbever
‹ Prev 1 2 3 10 Next ›