Skip to main content
SpringerLink
Log in

Leveraging Man-in-the-middle DoS Attack with Internal TCP Retransmissions in Virtual Network

  • Conference paper
  • First Online:
Information Systems Security (ICISS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10717))

Included in the following conference series:

Abstract

Denial of service (DoS) attacks recently pose great threat to cloud services since it can be able to cause serious damages to others virtual machines (VM) that are on the same physical server with the victim. This opens a new strategy of DoS attack, which is the attacker attempt to be co-resident with the victim server and execute a cross-VM DoS attack inside the cloud. Among DoS attack techniques, recent studies show that TCP retransmission can be abused for reflective amplification attacks. In a virtual environment, the virtual switch system itself can retransmit TCP packets and therefore it can be abused for amplification attack by an internal attacker. In this paper, we leverage the attack by using both virtual switch’s internal TCP retransmission feature and Man-in-the-middle attack model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Somani, G., Gaur, M.S., Sanghi, D., Conti, M.: DDoS attacks in cloud computing: collateral damage to non-targets. Comput. Netw. 109, 157–171 (2016). http://www.sciencedirect.com/science/article/pii/S1389128616300901. Accessed 25 July 2017

    Article  Google Scholar 

  2. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, get off of my cloud: exploring information leakage in third-party compute clouds. In: ACM Conference on Computer and Communications Security 2009 (CCS 2009), November 2009. https://cseweb.ucsd.edu/hovav/dist/cloudsec.pdf. Accessed 25 July 2017

  3. Abramov, R., Herzberg, A.: TCP ack storm DoS attacks. In: Camenisch, J., Fischer-Hübner, S., Murayama, Y., Portmann, A., Rieder, C. (eds.) SEC 2011. IFIP AICT, vol. 354, pp. 29–40. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21424-0_3. Accessed 25 July 2017

    Chapter  Google Scholar 

  4. Kührer, M., Hupperich, T., Rossow, C., Holz, T.: Hell of a handshake: abusing TCP for reflective amplification DDoS attacks. In: 8th USENIX Workshop on Offensive Technologies (WOOT 14), August 2014. https://www.usenix.org/conference/woot14/workshop-program/presentation/kuhrer. Accessed 30 May 2017

  5. Kührer, M., Hupperich, T., Rossow, C., Holz, T.: Exit from hell? Reducing the impact of amplification DDoS attacks. In: 23rd USENIX Security Symposium (USENIX Security 14), August 2014. https://www.usenix.org/node/184412. Accessed 30 May 2017

  6. Rossow, C.: Amplification hell: revisiting network protocols for DDoS abuse. In: Symposium on Network and Distributed System Security (NDSS), February 2014. https://www.internetsociety.org/sites/default/files/01_5.pdf. Accessed 30 May 2017

  7. IBM: Reviewing a year of serious data breaches, major attacks and new vulnerabilities, April 2016. https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEP03394USEN. Access 30 May 2017

  8. IETF: Transmission Control Protocol, DARPA Internet Program Protocol Specification RFC793 (1981). https://tools.ietf.org/html/rfc793. Accessed 30 May 2017

  9. Wireshark: Network protocol analyzer, Wireshark v2.2.6. https://www.wireshark.org/

  10. VMWare: Workstation for Windows, VMWare Workstation Pro 12. https://www.vmware.com/products/workstation.html

  11. FSN: The economy is flat so why are financials Cloud vendors growing at more than 90 percent per annum? March 2013. http://www.fsn.co.uk/channel_outsourcing/. Accessed 30 May 2017

Download references

Acknowledgment

This work was supported by JSPS KAKENHI Grant Number 17K06455.

Author information

Authors and Affiliations

  1. National Defense Academy of Japan, Yokosuka, Japan

    Son Duc Nguyen, Mamoru Mimura & Hidema Tanaka

Authors
  1. Son Duc Nguyen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mamoru Mimura
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hidema Tanaka
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Son Duc Nguyen .

Editor information

Editors and Affiliations

  1. Indian Institute of Technology Bombay, Mumbai, India

    Rudrapatna K. Shyamasundar

  2. Indian Institute of Technology Bombay, Mumbai, India

    Virendra Singh

  3. Rutgers University, Newark, New Jersey, USA

    Jaideep Vaidya

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Nguyen, S.D., Mimura, M., Tanaka, H. (2017). Leveraging Man-in-the-middle DoS Attack with Internal TCP Retransmissions in Virtual Network. In: Shyamasundar, R., Singh, V., Vaidya, J. (eds) Information Systems Security. ICISS 2017. Lecture Notes in Computer Science(), vol 10717. Springer, Cham. https://doi.org/10.1007/978-3-319-72598-7_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-72598-7_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72597-0

  • Online ISBN: 978-3-319-72598-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation