Abstract
In this paper, we propose a solution to eliminate a popular type of Denial of Service (DoS) attack, which is a DoS amplification attack. Note that a DoS is a subset of DDoS. Our solution protects servers running any number of TCP services. This paper is focused on the most popular type of DoS amplification attack, which uses the UDP protocol. Via DoS UDP amplification attacks, an attacker can send a 1 Gbps traffic stream to reflectors. The reflectors will then send up 556 times that amount (amplified traffic) to the victim’s server. So just ten PCs, each sending 10 Mbps, can send 55 Gbps indirectly, via reflectors, to a victim’s server. Very few ISP customers have 55 Gpbs provisioned. Expensive and complex solutions exist. However our elimination techniques can be implemented very quickly, easily and at an extremely low cost.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anonymous Takes Down ISIS Websites, Confirms Leaked Government Documents Were Real/Softmates Inc. http://www.softmates.org/2015/01/22/anonymous-takes-down-isis-websites-confirms-leaked-government-documents-were-real/. Accessed on 29 January 2015
Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recogn. Lett. 51, 1–7 (2014)
British Spies Hit Anonymous With DDoS Attacks, vol. 2015. http://www.darkreading.com/attacks-and-breaches/british-spieshit-anonymous-with-ddos-attacks/d/d-id/1113719
Geva, M., Herzberg, A., Gev, Y.: Bandwidth distributed denial of service: attacks and defenses. IEEE Secur. Priv. 12(1), 54–61 (2014). doi:10.1109/MSP.2013.55
Kavisankar, L., et al.: A pioneer scheme in the detection and defense of DrDoS attack involving spoofed flooding packets. KSII Trans. Internet Inform. Syst. 8(5), 1726–1743 (2014)
Lin, C.-H., et al.: Preserving quality of service for normal users against DDoS attacks by using Double Check Priority Queues. J. Ambient Intell. Humaniz. Comput. 4(2), 275–282 (2013)
Lu, N., et al.: Filtering location optimization for the reactive packet filtering. Secur. Commun. Netw. 7(7), 1150–1164 (2014)
Nam, S.Y., et al.: Estimation of the available bandwidth ratio of a remote link or path segments. Comput. Netw. 57(1), 61–77 (2013)
Panja, B., et al.: Monitoring and managing cloud computing security using denial of service bandwidth allowance. Recent Pat. Comput. Sci. 6(1), 73–81 (2013)
Peng, T., Leckie, C., Ramamohanarao, K.: Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv. 39(1), 3-es (2007). doi:10.1145/1216370.1216373. ISSN: 03600300. Accessed on 21 March 2015
Preetha, G., Devi, B.S.K., Shalinie, S.M.: Autonomous agent for DDoS attack detection and defense in an experimental testbed. Int. J. Fuzzy Syst. 16(4), 520–528 (2014)
Shanmugam, M., Saleem Basha, M.S.: DDos attack traceback and chaosin a distributed network a survey. Int. J. Appl. Eng. Res. 8(10), 1159–1169 (2013)
UDP-based Amplification Attacks — US-CERT. USA Homeland Security, US-CERT, UDP Attackss. https://www.us-cert.gov/ncas/alerts/TA14-017A. Accessed on 25 March 2015
Varalakshmi, P., Selvi, S.T.: Thwarting DDoS attacks in grid using information divergence. Future Gener. Comput. Syst. 29(1), 429–441 (2013)
Wei, W., et al.: A rank correlation based detection against distributed reflection DoS attacks. IEEE Commun. Lett. 17(1), 173–175 (2013). Cited By: 8
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Booth, T.G., Andersson, K. (2015). Elimination of DoS UDP Reflection Amplification Bandwidth Attacks, Protecting TCP Services. In: Doss, R., Piramuthu, S., ZHOU, W. (eds) Future Network Systems and Security. FNSS 2015. Communications in Computer and Information Science, vol 523. Springer, Cham. https://doi.org/10.1007/978-3-319-19210-9_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-19210-9_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19209-3
Online ISBN: 978-3-319-19210-9
eBook Packages: Computer ScienceComputer Science (R0)