Advertisement

LoRDAS: A Low-Rate DoS Attack against Application Servers

  • Gabriel Maciá-Fernández
  • Jesús E. Díaz-Verdejo
  • Pedro García-Teodoro
  • Francisco de Toro-Negro
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5141)

Abstract

In a communication network, there always exist some specific servers that should be considered a critical infrastructure to be protected, specially due to the nature of the services that they provide. In this paper, a low-rate denial of service attack against application servers is presented. The attack gets advantage of known timing mechanisms in the server behaviour to wisely strike ON/OFF attack waveforms that cause denial of service, while the traffic rate sent to the server is controlled, thus allowing to bypass defense mechanisms that rely on the detection of high rate traffics. First, we determine the conditions that a server should present to be considered a potential victim of this attack. As an example, the persistent HTTP server case is presented, being the procedure for striking the attack against it described. Moreover, the efficiency achieved by the attack is evaluated in both simulated and real environments, and its behaviour studied according to the variations on the configuration parameters. The aim of this work is to denounce the feasibility of such attacks in order to motivate the development of defense mechanisms.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    CERT coordination Center. Denial of Service Attacks, http://www.cert.org/tech_tips/denial_of_service.html
  2. 2.
    Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)CrossRefGoogle Scholar
  3. 3.
    Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P.: Internet Denial of Service. Attack and Defense Mechanisms. Prentice-Hall, Englewood Cliffs (2004)Google Scholar
  4. 4.
    Kuzmanovic, A., Knightly, E.: Low Rate TCP-targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants). In: Proc. ACM SIGCOMM 2003, August 2003, pp. 75–86 (2003)Google Scholar
  5. 5.
    Maciá-Fernández, G., Díaz-Verdejo, J.E., García-Teodoro, P.: Assessment of a Vulnerability in Iterative Servers Enabling Low-Rate DoS Attacks. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 512–526. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Siris, V.A., Papagalou, F.: Application of anomaly detection algorithms for detecting SYN flooding attacks. Computer Communications 29(9), 1433–1442 (2006)CrossRefGoogle Scholar
  7. 7.
    Huang, Y., Pullen, J.: Countering denial of service attacks using congestion triggered packet sampling and filtering. In: Proceedings of the 10th International Conference on Computer Communications and Networks (2001)Google Scholar
  8. 8.
    Gil, T.M., Poleto, M.: MULTOPS: a data-structure for bandwidth attack detection. In: Proceedings of 10th USENIX Security Symposium (2001)Google Scholar
  9. 9.
    Zaki, M.J., Li, W., Parthasarathy, S.: Customized dynamic load balancing for a network of workstations. In: Fifth IEEE International Symposium on High Performance Distributed Computing (HPDC-5 1996), pp. 282–291 (1996)Google Scholar
  10. 10.
    Liu, Z., Niclausse, N., Jalpa-Villanueva, C.: Traffic model and performance evaluation of Web servers. Performance Evaluation 46(2-3), 77–100 (2001)zbMATHCrossRefGoogle Scholar
  11. 11.
    Song, T.T.: Fundamentals of Probability and Statistics for Engineers. John Wiley, Chichester (2004)Google Scholar
  12. 12.
    Network Simulator 2, http://www.isi.edu/nsnam/ns/
  13. 13.
    Fielding, R., Irvine, U.C., Gettys, J., Mogul, J., Frystyk, H., Berners-Lee, T.: RFC2068, Hypertext Transfer Protocol - HTTP/1.1, Network Working Group (January 1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Gabriel Maciá-Fernández
    • 1
  • Jesús E. Díaz-Verdejo
    • 1
  • Pedro García-Teodoro
    • 1
  • Francisco de Toro-Negro
    • 1
  1. 1.Dpt. of Signal Theory, Telematics and CommunicationsUniversity of GranadaGranadaSpain

Personalised recommendations